I believe we all have experience in reinstalling computers or using PE boot disks during windows system maintenance, now the Internet offers a large number of free WinPE boot disk creation tools such as Old MaoTao, DaBaiCai, etc. Most of these tools are packaged with Ghost, Diskgenius and other installation tools. WinPE has the natural advantage of not reading and writing the original system, can bypass the original system login password, can run simple programs, so make a WinPE boot disk of your own and package the forensics program, in the field forensics can be used with half the effort.

advantages

Advantages of WinPE forensic boot disk

In addition to the fact that a WinPE boot disk requires only a USB flash drive or CD-ROM, it has the following natural advantages in terms of software.

Read-only access and read-write operating environment in a forensic sense

Accessing files on all hard drives using NTFS and FAT file systems

Can easily integrate forensic toolset, such as recording software, FTK, X-way and other forensic software are packaged into the PE system

Automatic windows boot integration for instant access to all common computers

Microsoft regularly updates PE versions and makes them available for free download to support any new hardware and new systems

once package Replicas can be made after， Batch create forensic boot flash drive

erect

Customize the latest Win10PE boot disk

Run the installation file with administrator privileges. When selecting program features, at least two of the options shown in the following screenshot should be selected. For everything else, just select the default installation.

Once the installation is complete, we can launch the Deployment Console feature of the program and the system will automatically open the command prompt box. The initial environment deployment is completed with the following simple code.

1.To create a WinPE folder.

copype amd64 C： WinPE_amd64

2. To mount the boot.wim file.

Dism / Mount-Image /ImageFile:"C:WinPE_amd64mediasourcesoot.wim“/ index：1 / MountDir：”C： WinPE_amd64 mount“

3.Select the PE mount mode and choose the third mode "do not mount anything in read/write mode".

Setsanpolicy C： winpe_amd64 mount 3

4.Execute the "Mounting image" command.

package

Create a collection of commonly used PE forensics tools

Once the image is loaded, we can wrap the common forensic tools into the image.

5.Next, we can go ahead and create the "tools" folder in the command box. The code is as follows.

mkdir C： WinPE_amd64 mount tools

6.Once the folder is created, we can copy the forensic tools into this folder.

7.After copying the forensic tools, we can package the image.

Dism / Unmount-Image / MountDir：“C： WinPE_amd64 mount”/ commit

8.Create an ISO file so that next time we can always burn it to any flash drive or CD and make a forensic flash drive or CD in minutes.

MakeWinPEMedia / ISO C： WinPE_amd64 C： WinPE_amd64 WinPE_amd64.iso

9.Use the winiso tool to burn to any flash drive or CD. Or you can use the VMVirtualBox tool to emulate a PE system running on an image.

conclude

Have your own PE forensic disk

WinPE The system is so powerful that I can't help but love it， In many cases, field depositions， The editor is all onePE Forensic discs go everywhere， Every time there is a kind of use“ Swiss Army knife”、“ Xiao Li Fei Dao" like a thrill。 moreover， After a little testing， In addition to common forensic software such asX-ray Support inPE run on， Even the most and most powerfulPython Both can run！ just think!， pass (a bill or inspection)Python You can create batch processing scripts！ The implementation of bulk customized forensic capabilities will greatly reduce the workload of law enforcement officers。 Circle members, fasten your seat belts.， Waiting for the editor to search for some goodpython Handling script takes you on another drive

Recommended>>
1、The most popular input method among young people in the US and Japan is actually Made in China
2、Japan develops emotional artificial intelligence system that can read the atmosphere of a place
3、AI analyzes brain waves to read brain images directly
4、Steps and methods to get started with microcontrollers
5、Xu Qin Science and technology innovation to stimulate the endogenous power of highquality development

已发送

发送中