5 Cool Things You Can Do with the Windows Forensic Environment (WinFE)
I’m a fan of WinFE. I’ve used it, written about it, helped develop it, taught it, and assisted others to teach it. The way that I talk about it, you’d think that WinFE is the best thing that ever came along, does everything you need in forensics, and nothing can out do what it does. Actually, WinFE doesn’t do much at all. But that for what it does, it does ingeniously. 
The top 5 cool things
#5 Forensically boot a Windows, Mac, Linux machine to a Windows Forensic Environment
#4 Forensically Boot a Surface Pro to a Windows Forensic Environment
#3 Image storage drives (full, sparse, or targeted) with Windows tools
#2 Perform a triage or preview with Windows tools
#1 Do a complete exam with Windows tools on the evidence machine
There are even more things you can do as well that makes WinFE cool, but this is a good start. Being a free tool makes it cool too.
What’s the big deal?
WinFE forensically boots to Windows. That means you can use Windows-based forensic tools!
The numbers
3,447 * Years ago, I threw together a quick WinFE online class for free. Over 3,000 took the course before I eventually took it offline since WinFE has had several updates since the course was developed.
5,592 * I recently put on a longer Forensic Operating System course (that focused on WinFE more than other live CDs) and as of today, more than 5,500 have taken that course.
15,000 * That’s the number where I stopped counting the downloads of the WinFE script and various WinFE builders from over the years. That doesn’t mean 15,000 WinFE users, just that it is a lot of downloads of past and current WinFE build projects. That also does not include WinFE basic builds where Microsoft downloads are required (and not a WinFE project).
The point is that WinFE is a valid tool used by many, and since there is no marketing department for it, I'm marketing it because I use it and prefer that it remain relevant in the community...so I can keep using it :)
The latest WinFE course
I had been asked for a new course just on WinFE and not any of the other live CDs, so here it is. I included the multiple types of WinFE builds including Windows To Go in order to cover everything about a Windows-based, forensically sound, bootable operating system. This course is only for those who did not take the Forensic Operating System course, since the WinFE information is the same in both courses.
Of course there is a promotion
