This video is still being processed. Please check back later.

Windows Forensic Environment (WinFE)

Everything you need to know about building and using the Windows Forensic Environment

About this course

This course is specific to the Windows Forensic Operating System.  Everything you need to build and use a WinFE is included in this course (except your personal license for Windows that is needed to build a WinFE) .  You'll learn why WinBuilder was chosen as the preferred method, how previous methods are now outdated, and how other methods are not as well suited as the latest Mini-WinFE build.  In fact, the latest build application is focused on during this course.

You'll learn various methods of using a WinFE, whether it is for civil matters, criminal cases, or educational uses.  Customize your WinFE specific to your needs and see how a customized WinFE boot disc may handle the vast majority of booting the evidence computer forensically over other boot systems such as Linux Live CDs.

This course (updated in 2018) is the first course specific to all aspects of WinFE (good, bad, and indifferent) taught by a main developer of the forensic WinFE tool, used alongside alternative booting systems such as Linux and Mac.  Much of the information taught in the today's training programs about WinFE (such as SEARCH, FLETC, NW3C, and other providers) has originated from the presenter's research and assistance in creating law enforcement-only courses in WinFE, which is the same information you will see in this course.

Total hours: 3       |       Downloads: Included        |       Course access: 6 months (24/7)

For Linux, Mac, and discussion on forensic operating systems that are more fully explained, check out the Forensic Operating System Course.  WinFE is included in the Forensic Operating System course. If you are interested in everything related to forensic boot systems, register for the Forensic Operating System course, and not this course as WinFE is included in the Forensic Operating System course.

Your presenter, Brett Shavers

I have been working in the digital forensics field since 2004 and have been a part of some amazing cases and forensic software developments. Visit my blog for more information about me at brettshavers.cc.  I have been involved in the development of WinFE since before its public release by Troy Larson of Microsoft in 2008.  As an evangelist for WinFE, I have coordinated WinFE's development with the assistance of software developers and experts world-wide, from selecting the builder application, write protection tool development, and beta testing, along with providing guidance in the development of law enforcement training courses that utilize WinFE as a triage tool of choice.  Since the initial release of WinFE to law enforcement and subsequent release to the public, WinFE has made its way into being taught in basic and advanced digital forensics programs such as the Federal Law Enforcement Training Center (FLETC), the International Association of Computer Investigative Specialists (IACIS), the National Consortium for Justice Information and Statistics (SEARCH), and universities world-wide.

Curriculum

  • Introduction
  • Preview
    Introduction
  • Write Protection
  • WinFE Write Protection
  • WinFE Write Protect Application
  • Windows Forensic Operating System
  • Decision-Making Process
  • Bootable Media
  • Concerning the potential of WinFE to write to the disk
  • Overview of the WinFE builds
  • DiskPart Lecture
  • DiskPart Demo
  • Basic WinFE
  • Basic WinFE Build
  • Basic WinFE Batch File Downloads
  • Mini-WinFE
  • Download the Mini-WinFE Project!
  • Prep to build Mini-WinFE
  • Building Mini-WinFE
  • WinFE Lite
  • Building WinFE Lite
  • WinFE Lite Build Instructions and Downloads
  • Windows Triage Environment (WTE)
  • Windows Triage Environment (WTE)
  • Windows To Go (WTG/W2G)
  • Windows To Go (WTG/W2G)
  • The Commercial "WinFE"
  • Purchasing a WinFE
  • Bootable USB Devices
  • Bootable USB Devices
  • Methods of Use
  • Creative Uses of WinFE
  • WinFE and Bitlocked Drives
  • Teaching Windows Forensic Environment and forensic operating systems
  • Unique Devices
  • Validation
  • Validation
  • Wrapping Up
  • Wrapping Up
  • Supporting Links
  • Keeping up with WinFE
  • The WinFE Group
  • Certification of Course Completion
  • WinFE Exam

About this course

This course is specific to the Windows Forensic Operating System.  Everything you need to build and use a WinFE is included in this course (except your personal license for Windows that is needed to build a WinFE) .  You'll learn why WinBuilder was chosen as the preferred method, how previous methods are now outdated, and how other methods are not as well suited as the latest Mini-WinFE build.  In fact, the latest build application is focused on during this course.

You'll learn various methods of using a WinFE, whether it is for civil matters, criminal cases, or educational uses.  Customize your WinFE specific to your needs and see how a customized WinFE boot disc may handle the vast majority of booting the evidence computer forensically over other boot systems such as Linux Live CDs.

This course (updated in 2018) is the first course specific to all aspects of WinFE (good, bad, and indifferent) taught by a main developer of the forensic WinFE tool, used alongside alternative booting systems such as Linux and Mac.  Much of the information taught in the today's training programs about WinFE (such as SEARCH, FLETC, NW3C, and other providers) has originated from the presenter's research and assistance in creating law enforcement-only courses in WinFE, which is the same information you will see in this course.

Total hours: 3       |       Downloads: Included        |       Course access: 6 months (24/7)

For Linux, Mac, and discussion on forensic operating systems that are more fully explained, check out the Forensic Operating System Course.  WinFE is included in the Forensic Operating System course. If you are interested in everything related to forensic boot systems, register for the Forensic Operating System course, and not this course as WinFE is included in the Forensic Operating System course.

Your presenter, Brett Shavers

I have been working in the digital forensics field since 2004 and have been a part of some amazing cases and forensic software developments. Visit my blog for more information about me at brettshavers.cc.  I have been involved in the development of WinFE since before its public release by Troy Larson of Microsoft in 2008.  As an evangelist for WinFE, I have coordinated WinFE's development with the assistance of software developers and experts world-wide, from selecting the builder application, write protection tool development, and beta testing, along with providing guidance in the development of law enforcement training courses that utilize WinFE as a triage tool of choice.  Since the initial release of WinFE to law enforcement and subsequent release to the public, WinFE has made its way into being taught in basic and advanced digital forensics programs such as the Federal Law Enforcement Training Center (FLETC), the International Association of Computer Investigative Specialists (IACIS), the National Consortium for Justice Information and Statistics (SEARCH), and universities world-wide.

Curriculum

  • Introduction
  • Preview
    Introduction
  • Write Protection
  • WinFE Write Protection
  • WinFE Write Protect Application
  • Windows Forensic Operating System
  • Decision-Making Process
  • Bootable Media
  • Concerning the potential of WinFE to write to the disk
  • Overview of the WinFE builds
  • DiskPart Lecture
  • DiskPart Demo
  • Basic WinFE
  • Basic WinFE Build
  • Basic WinFE Batch File Downloads
  • Mini-WinFE
  • Download the Mini-WinFE Project!
  • Prep to build Mini-WinFE
  • Building Mini-WinFE
  • WinFE Lite
  • Building WinFE Lite
  • WinFE Lite Build Instructions and Downloads
  • Windows Triage Environment (WTE)
  • Windows Triage Environment (WTE)
  • Windows To Go (WTG/W2G)
  • Windows To Go (WTG/W2G)
  • The Commercial "WinFE"
  • Purchasing a WinFE
  • Bootable USB Devices
  • Bootable USB Devices
  • Methods of Use
  • Creative Uses of WinFE
  • WinFE and Bitlocked Drives
  • Teaching Windows Forensic Environment and forensic operating systems
  • Unique Devices
  • Validation
  • Validation
  • Wrapping Up
  • Wrapping Up
  • Supporting Links
  • Keeping up with WinFE
  • The WinFE Group
  • Certification of Course Completion
  • WinFE Exam