Given some interest, I’d gladly host a webinar on WinFE (more than 10 minutes' worth, showing how to build your own, and not based on selling you some software…).
Troy Larson and Colin Ramsden are working on making some changes and adding features of interest to Windows FE. If you have any ideas as to what you'd like to see, please post them in the forum.
Some of the features of interest are BitLocker support and VSS support. Feel free to shoot your requests here since you have the best hands on WinFE looking for ideas to implement, and a rare opportunity to 'develop' WinFE as a WinFE user.
The below video shows how simply and quickly you can create a WinFE ISO. As you'll see in the video, all you need to do is...
1) Install Windows AIK
2) Download the WinFE batch files
3) Run "createfolders.bat"
4) Copy your forensic tools into a folder
5) Run "createwinfe.bat"
6) Burn your CD with the created ISO
It is great to see that the Windows Forensic Environment is being used as an accepted forensic platform by software manufacturers, such as F-Response (blogged about running F-Response on WinFE) and WetStone. WetStone has a version of their malware software available on the WinFE system (although WetStone calls it the Windows Forensic Edition rather than Environment, I believe they mean the same thing).
Colin Ramsden has been working feverishly on some modifications to WinFE that will appeal to everyone. For some teaser screenshots, take a look here. The modifications include BitLocker support, installing drivers while already booted to WinFE, a clean shutdown that ejects the CD, and an easy-to-use Disk Management Console. Believe it or not, Colin has even more to add.
Given the ability to make your own WinFE ISO with Colin's work, you surely will have one of the best forensic boot environments to date.
As you can see, the WinFE site has been migrated to WordPress. This format allows me a little more freedom than Blogger as well as less time maintaining a website. This site and work is free...be patient ;)
You can now find the batch files accessed through direct downloads. I am more than happy to put up additional work or corrections/improvements to what is posted. At this point, Colin Ramsden is working on his code in creating something I call the "SuperDuper Version" of Windows FE. I'll let him describe the details when he is finished, but I promise, from what I've seen so far, it is really cool.
Matt Churchill (http://mattchurchill.net/2010/06/windowsripper/) has been doing some work to supercharge RegRipper. Take a look at his video and while watching, consider how this can affect your method to triage a computer when booted to WinFE...
This should be a neat webinar on Windows FE and Triage.
Check the "Using WinFE" page for tips on using WinFE for not only triage/preview, but other ways to use the tool. Until I hear otherwise, I have found that X-Ways Forensics is the most complete forensic tool that can run on the Windows Forensic Environment without having to install dongles or hasps, dependent files, or other installation hassles. Simply copying the X-Ways Forensics folder runs the program. Take a look at the Triage/Preview link on this site for some things XWF can do in this sort of scenario.