On a different topic, some discussion on distribution licenses of WinFE has been going on at forensicfocus.com. One of the takeaway points of the discussion is that you shouldn’t be giving away or selling WinFE (or PE) ISO files: that will violate the Microsoft EULA. Since WinFE is most typically used in legal cases, using a tool whose EULA you violated could cause serious issues with the evidence you collected. So if you didn’t build it, don’t use it. That is the very bad news.
The very good news is that you can make your own WinFE, free, in just a few minutes, without violating the EULA.
I assume that one of the reasons Microsoft has such a restrictive EULA prohibiting distribution is so that the core files of WinPE (and FE) remain solid. Any 3rd party tool you download, or something “a friend” sends you, could contain anything hidden inside, like malware. By using Microsoft’s files, the odds are much lower that this will happen, meaning that when you build a WinFE, it is about as malware-free as can be expected.
After that discussion on forensicfocus slowed down, I had emails about WinFE regarding how to build it. Not that I created the thing…but I will make a fairly detailed and easy-to-follow video on building a WinFE and everything you should know about it. After all, if ever asked about your data collection tool, it’s better to look like you know what you are doing rather than say, “I downloaded this ISO file, booted the system and imaged with it, and don’t really know much else about it.” Perhaps better to say, “I personally built and tested the imaging environment using industry best practices. I used core files from the Microsoft company as allowed by its licensing agreement.”
When the tutorial video is finished, I’ll post the link.