@erwan.l
If you are up for the challenge of creating a Forensic imaging tool then I'd suggest that you look at Colin Ramsden's Write Protect Tool (WProtect.exe - see here) as a starting point. Colin has done a simply amazing job of packing such a large amount of features into such a small (40 kb!) application. If you could create a tool with similar features + imaging capabilities that could be run as a shell - I might just kiss you. Provided you are ever in my neighbourhood. In which case I'll be out until you leave
My wish/feature list would be -
- Dependancy free for use in WinFE
- A warning if you close the program as this will end the WinFE session if it's being run as the shell (e.g. Are you sure you want to end this session? YES/NO)
- Commandline support to set all disks as offline and readonly - to be used in winpeshl.ini
- Option to toggle read/write so that the evidence disk can be saved to external media - which would not be possible if the disk write protection can't be removed
- Mount selected drive(s) - allocating a drive letter
- Launch cmd.exe (for advanced usage - maybe hide)
- Add drivers for unsupported hardware
- Image (preferably with compression option(s)) to file
- Option to capture whole disk or volume
- Hash check to verify image against disk/volume captured
- Mount disk image
- Remove everything else not required for imaging
Regards,
Misty