Placed into the suspect computer floppy disk drive, the hard drive could be accessed and imaged at the speed of…DOS. It is not a complete replacement for every imaging tool, but certainly deserves its place in your toolbox.In the beginning….there was the forensic DOS floppy boot disk. Many current forensic software applications can be run in this environment where imaging, analysis, or triage can be done without altering the evidence drive. Figure 1: As a quick introduction to the Windows Forensics Environment (WinFE) it is a bootable CD, based on the Windows Pre-Installed Environment (PE), with a few changes to create a forensically sound boot CD in which a variety of forensic tasks can be conducted on a suspect machine.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. Archives
June 2023
Categories |