TL:DR

Here is the WinFE website with build instructions: www.winfe.net .

Brief overview of some details that may be helpful to know

Developed by Troy Larson of Microsoft in 2008, further developed into a GUI build (WinBuilder) by a number of developers in 2009, with a great write protect tool written by Colin Ramsden in 2012, noted in digital forensic books such as Computer Forensics InfoSec Pro Guide and Computer Forensics and Investigations , taught by FLETC , SEARCH , IACIS , and DFIR Training , documented in dozens of blogs and magazines, WinFE has become a widely accepted and commonly used digital forensics tool. And now you can boot an ARM device and image it with WinFE 10.

Windows Forensic Environment Training available

Typically, WinFE has mostly been law enforcement or association-membership only. Actually, there are no training courses outside of government training. Government training courses have been provided

Read more
You may want to pay attention to Arsenal Recon

There are some forensic apps that come out and you just know that they will become an integral part of most everyone’s forensic tool kit over time (sometimes right away).

I have seen this with several tools over the years in the broad spectrum of DFIR, but in particular where digital forensics is concerned, I have seen several single-purpose, small tools come out and become major players in the field, with a few of the small tools evolving into full-fledged forensic suites.

Short version: Arsenal’s tools are a must-have in a forensic analyst’s toolbox.

Plus, if you want a chance to win the tools, enter your info in the following form. Drawing is on Nov 29 and you don’t have to be present to win (you do have to answer your email to claim the win on the day of the drawing, otherwise, failure to answer the winning email means

Read more

There are few things cooler than finding that one of your forensic tools was updated with new features.  It does not matter which tool, or which new feature. There are times when some of the new features don’t apply to what I work on but are cool nonetheless as it shows that a tool is constantly being developed.  Small, new features are neat, but the major updates are usually so good that I have to immediately test it out.

Using Belkasoft Evidence Center (BEC) as an example, the latest version, 9.7 added quite a bit of new features. I previously blogged about BEC as an all-in-one forensic suite that has a place in my forensic analysis right next to other tools, and the mobile device features added really expand upon the all-in-tool suite concept.

BEC added a lot, which you can read the bullet points here: https://belkasoft.com/whats_new_in_version_9_7

The mobile acquisition

Read more

I have an upcoming review of Forensic Notes . Here’s the summary:

Forensic Notes does exactly what it says it does.

I’ll get into the details later this week, but after corresponding and debating (in a good way) with the developer over notetaking for some time, I’ve been swayed toward better ways to document my work. I’ll discuss some of the things that changed my mind in the review, but fair to say that you may want to take a look at your documentation methods for improvements.

GIVEAWAY !

With that, Forensic Notes is giving away THREE 1-user professional licenses for THREE YEARS . That means you have 3 chances to win a 3-year license. This is a substantial giveaway.

Giveaway date : Oct 28, 2019

Rules : (1) Answer the winning email on Oct 28, 2019 if you win, (2) agree to maybe receive an email from Forensic Notes

Read more