Windows Forensic Environment - WinFE Online Course Now Available

Ok, it took a while to get this done, mostly because of other projects.  But it is done.  I have videos of most build methods, tips and tricks, pro's and con's, and aspects of WinFE that you may find important.  I also included every bit of downloadable swag in the course too (batch files, wallpaper, scripts, etc...).

All in all, this is probably the best source of WinFE you will find.  I encourage you to share it and use it, after all, this is a free tool.  If anyone has suggestions on making the course better, let me know and I can try to squeeze in some improvements.

[caption id="attachment_1231" align="aligncenter" width="700"]winfe http://courses.dfironlinetraining.com/windows-forensic-environment


 

On another note, I am also releasing the first of several X-Ways Forensics online courses on Monday, June 30, 2014.  

 

I'll send out a reminder on June 30 through twitter and the XWF blog.  The XWF online course is not free like the WinFE course, but it is also not expensive.  From Monday, the X-Ways course will be $195 but I will publish a discount code good for two weeks (through July 14) for 25% off.


The WinFE course was lots of work, but certainly worth the time to watch. The X-Ways course is something else entirely. The manner in which I made the X-Ways course is so that you can follow along with XWF in learning how to work a case with X-Ways Forensics.  The course describes the options and buttons in XWF, but also shows how to simply work a case.  There are literally so many features in X-Ways, that without training, you will be missing about 50% of what you should be doing.  I found that even the most current version of the X-Ways manual does not list features in XWF...lots of information to keep up with, tons of features to consider, easy to miss something that you should not miss for such a powerful forensic tool.

If you want to be notified of the coupon code, be sure to follow the X-Ways blog at http://xwaysforensics.wordpress.com/ or the twitter account at https://twitter.com/XWaysGuide.

 

WinFE course snafu
New X-Tension: Up to 30GB min speeds on SSD drives...
 

Comments 7

Guest - Jeff Ellis on Sunday, 29 June 2014 18:34

Brett, do you have any ideas for getting .NET 4.XX into a PE/FE Build?

Brett, do you have any ideas for getting .NET 4.XX into a PE/FE Build?
Guest - Brett Shavers on Sunday, 29 June 2014 20:49

Check out the reboot.pro forum. There are several threads (one is http://reboot.pro/topic/15924-how-to-update-to-net-framework-40/) where there are scripts being written or have been written. Download and save the script to the winbuilder project folders and you'll have the option to add it when you build. Don't build a 64bit, it probably won't work with dotnet.

Check out the reboot.pro forum. There are several threads (one is http://reboot.pro/topic/15924-how-to-update-to-net-framework-40/) where there are scripts being written or have been written. Download and save the script to the winbuilder project folders and you'll have the option to add it when you build. Don't build a 64bit, it probably won't work with dotnet.
Guest - Misty on Tuesday, 01 July 2014 05:03

You could try Mini-WinFE - use one of the ADK pre processing scripts in the Tools folder and select the relevant .NET framework support - e.g. WinPE-NetFX.

.NET support in WinPE is limited - see http://technet.microsoft.com/en-gb/library/hh824926.aspx. The ADK scripts will handle the dependencies (WinPE-WMI)

You could try Mini-WinFE - use one of the ADK pre processing scripts in the Tools folder and select the relevant .NET framework support - e.g. WinPE-NetFX. .NET support in WinPE is limited - see http://technet.microsoft.com/en-gb/library/hh824926.aspx. The ADK scripts will handle the dependencies (WinPE-WMI)
Guest - d8aCopDA-5 on Tuesday, 01 July 2014 08:04

That is all Greek to me.

That is all Greek to me.
Guest - Brett Shavers on Tuesday, 01 July 2014 08:26

The short answer is that it's not easy.

The longer answer is that dotnet adds a whole of data to the build and is not so easy to inject it. There are a few vendors working on a simple solution with help from some great folks (like Misty...). If a solution is developed that is simple (one button selection for building), then the world opens up for running virtually everything in WinFE/PE.

The short answer is that it's not easy. The longer answer is that dotnet adds a whole of data to the build and is not so easy to inject it. There are a few vendors working on a simple solution with help from some great folks (like Misty...). If a solution is developed that is simple (one button selection for building), then the world opens up for running virtually everything in WinFE/PE.
Guest - Emory Mullis on Saturday, 19 July 2014 13:57

I have just completed this course and it was worth my day to do it. Thank you for putting this together.

I have just completed this course and it was worth my day to do it. Thank you for putting this together.
Guest - Brett Shavers on Saturday, 19 July 2014 14:20

Thank you very much. I hope that you'll be able to use WinFE when you see fit.

Thank you very much. I hope that you'll be able to use WinFE when you see fit.
Already Registered? Login Here
Guest
Wednesday, 26 July 2017