

Mastering WinFE. This is the (only) way.


#1 bshavers



Posted 22 July 2023 - 06:56 PM


The first-ever WinFE Train-the-Trainer (WinFE Instructor) starts on Monday, July 24. This is a live, online course with an on-demand version available shortly thereafter. The live course is full. BUT!!

On Monday, I will have a special package offer for the WinFE training courses. Stay tuned here and on @WindowsFE Twitter to catch the announcement because it will be QUICKLY over in 5 days and limited to 100 registrations (whichever comes first). Considering the number of people that have already signed up, there might not be 100 people left! But if there are, here’s the final chance to grab the offer.

If you subscribed to this blog and have email notifications for posts, you get the added bonus of having access to this special package offer before Monday! As a WinFE blog subscriber, you can take advantage of this limited offer right now!

Here is the offer: https://courses.dfir...offers/zF2Cgb4B

Keep in mind, there are quite a few subscribers to this blog... only the first 100 get the offer.


WinFE Mastery

The key to mastering any subject is being able to teach it to others after you have first learned the subject yourself. Certainly, there are those who teach a subject without knowing more than what they have read or heard in a lecture, but I am referring to those who have learned a subject by doing it well enough to teach it.

Teaching a subject forces you to learn that subject more than just doing it. It requires being able to distill that which you know into instruction from which others can learn (and do!) what you know.

That is the purpose of the WinFE Train-the-Trainer course: to give you the opportunity to master a tool.

My promises to you in these courses

You will learn all that you need to know about using WinFE. The courses do not teach ‘how to do forensics’ or ‘how to boot a computer’. WinFE is not a forensic analysis application. You run forensic apps “in” WinFE as WinFE is an operating system.

For booting a computer, there are so many variations in systems to boot to an external media that it deserves its own training curriculum. For that, you need to research the machine in front of you that needs to be booted to WinFE/*nix yourself. This is not difficult and does not need a formal education to understand.

The topics taught in the course include how to build WinFE (of course), but the other must-know topics are the ones that (1) help support your evidence collection, (2) make cross-examination and depositions easier, and (3) prevent errors in using WinFE or choosing to use WinFE.

If you choose to attempt the WinFE Train-the-Trainer course, you will have my opinion on teaching technology based on 35+ years of instructing and teaching others. My teaching experience is not from being employed as a full-time educator, but rather as a practitioner who has been teaching and instructing others while walking on my own path of learning. There is no academic fluff in how I teach, or what I teach. I leave that to others. I have always believed in teaching how to put the pedal to the metal to get where you are going in the shortest time possible to get the job done.

The WinFE Certification Course

If I “certify” someone in training, I require proof of knowledge and practical hands-on. Do not take this course unless you want to build WinFEs, test them, and pass an exam or two. You won’t get any document of attendance or completion unless you do everything you need to know about WinFE.

As a side note, building WinFE is fast and easy. You do not need a training course in how to build it. There are enough YouTube videos and blog posts showing how to do that. If that is all you want to know, you are good to go without any formal training. With that, be prepared to withstand cross-examination as to your source of learning about WinFE where you collected first-evidence in a legal case with WinFE…

But if you want proof of successful building and testing from one who has been involved in further developing Troy Larson’s original WinFE for the past 15+ years, and you want to put that on your resume, and you want to stun opposing counsel that you have been tried and tested in your use of WinFE, then this course does that. Want a step higher than that…

Take the WinFE Train-the-Trainer Course

This is the icing on the WinFE expertise cake. WinFE is not a commonly used forensic tool, as it is best suited and designed for only one thing (booting a system forensically to external media). With low use, being able to testify that you are an expert in something that you really only used infrequently at best will be difficult (again, at best).

Taking both the WinFE Cert and the Train-the-Trainer course gives you added cred that you can take to the bank, or the courtroom, so to speak.

Tech Support for WinFE

The short story: There is none.

You are your tech support for WinFE. You control all aspects of it. Building it, troubleshooting it, testing it, validating it, and using it. There is no toll-free number to call if you are trying to figure it out or have questions about it. No support tickets either.

Ergo, these courses. You become the master of WinFE. There is no higher cred of any DFIR tool user than one who is a master of it through training, education, testing, and validation of that tool.
