There are a few behind the scenes work on creating scripts to integrate forensic applications into WinFE. This is substantial work for WinFE users as it reduces your effort to add programs during the build process. Basically, a one button approach to add a forensic application.
But, before you wait for these scripts to be written, remember that you can add many programs without a script or additional work if the program is already portable (meaning, no need to install for it to run). The best example of a full-fledged forensic suite is X-Ways Forensics. Many small forensic applications are also portable and easily copied into a WinFE build. The difference is, X-Ways Forensics is an entire forensic suite, not just one app.
Some forensic apps being worked on now to be put into WinFE may not be full forensic suites, but have a single powerful function that make it worthwhile. I won’t break the news yet and will let the vendors have first crack.
On another note, last week, I helped a LE forensics detective set up a review platform with WinFE for other detectives in his department using X-Ways Investigator.
–Detectives assigned to cases with electronic evidence, particularly illicit images evidence, wanted to do light review work for their cases.
–Reviewing any type of illicit images on a work machine only leads to that machine getting dirtied up. Also, every detective had ‘their own way’ of setting up their computers.
–Detectives had no forensic training.
–WinFE and X-Ways fixed both problems.
–Department purchased two licenses of X-Ways Investigator.
–A WinFE boot CD was made with X-Ways Investigator copied onto it.
–Detectives now boot their machine to WinFE, run X-Ways Investigator, and access the forensic images from an external drive. All work is saved onto the external drive and their workstation remains clean.
–This also prevented the IT staff from the city panicking over installing ‘unauthorized’ software
–And of course, a copy of the X-Ways Forensics Practitioner’s Guide was ordered for the detectives to use
View the full article