
Create your own WinFE ISO, for free, in just a few minutes

The video below shows how simply and quickly you can create a WinFE ISO. As you'll see in the video, all you need to do is:
1) Install Windows AIK
2) Download the WinFE batch files
3) Run "createfolders.bat"
4) Copy your forensic tools into a folder
5) Run "createwinfe.bat"
6) Burn your CD with the created ISO

[youtube=http://www.youtube.com/watch?v=VUwDjYC5TUE]


Comments 4

Guest - Alex Alborzfard on Friday, 09 July 2010 10:45

I created the .ISO following the instructions in the video (the second detailed one), and burned it to a CD. Booted the system off CD, it went through "Windows Loading files", and the Windows Vista progress bar, but then it opened up a Command Prompt Window and hung on the prompt. FYI I used the old WAIK (Compatible w. XP, Vista & Server 03 - Vista_6000.16386.061101-2205-LRMAIK_EN.img).
Any ideas why this is happening?

Guest - WinFE on Friday, 09 July 2010 11:11

When the command prompt opens, it may take some time before you get a cursor to work with. I can't think of a reason where it would hang forever. Which OS did you make the ISO with?

Guest - Anonymous on Friday, 06 August 2010 13:59

I created the .ISO also following the instructions. Everything went fine, so I loaded it up and ran diskpart in the command prompt. This can be shaky sometimes (I'm trying to do this all automated), and when I look up the information: Disk 0, Disk 1, etc. are usually "online" and the volumes are not even mapped with a letter. If there is no letter, then you can't write to the drive (duh), but does it matter that the disks are "online"? When you check the details of the disk, they will say "read only = no" and even for the volumes.

Guest - WinFE on Thursday, 19 August 2010 11:08

There is a solution to this manual process of drive/volume mounting with a clear view of exactly which drive is "READ ONLY" or "READ/WRITE", as well as choosing to change the status of attached drives. However, before releasing this automated tool to WinFE, it is being tested and reviewed. As soon as it is released on this site, there'll be no doubt as to putting drives online/offline. The manual process works, but it's nice to have a push-button GUI dialog box that shows you what you want to see clearly. If the drive is not mapped to a letter, you cannot write to it (nor would you want to if it is your evidence drive).
