Windows Forensic Environment, also known as WinFE or Windows FE, was originally developed by Troy Larson, Senior Forensic Manager, Microsoft Corporation, by simply adding two registry keys to the Windows Vista Pre-installation Environment 2.0 (WinPE 2.0). These keys prevented the auto-mounting of some of the volumes at boot time, which then allowed the creation of a rudimentary Microsoft Windows based forensic boot CD/DVD or USB Device.
Since the inception of WinFE, myself along with other contributors, such as Brett Shavers, have strived to provide a viable solution to first responders and forensic practitioners, that will allow the use of traditional Microsoft Windows based forensic tools, to accomplish imaging and triage tasks whilst deployed on the ground.
The first objective was to create an environment, using WinPE 3.0 (Windows 7), that moved away from the Command Line Interface (CLI) and provide the user with a graphical user interface (GUI) for managing the read/write status of hard disk drives (HDD), however, this did not go to plan due to limitations imposed by Microsoft Corporation.
Eventually, almost 12 months later, this obstacle was overcome when Microsoft exposed new Application Programming Interface (API) calls that detailed how to programmatically change the read/write status of hard disk drives.
WinBuilder (http://winfe.wordpress.com/) was chosen by Brett as the preferred deployment platform due to its ease of use and the scripts which were available to enhance the user experience of WinFE.
During testing, it became apparent that for reasons unknown, WinFE could not handle dynamic disks, and the result would be that if dynamic disks were encountered, no disks were automatically write protected, which is not good news for forensic computing!
It was then decided to start again from grass roots, WinFE was built again from the Microsoft Windows Automated Installation Kit (WAIK), where it was found that creating WinFE this way overcome the dynamic disk issues which were encountered with WinBuilder editions of WinFE.
WinFE Lite was subsequently born!
Furthermore, I have booted WinFE Lite in systems that only have 256MB of RAM, but I would recommend 512MB of RAM as a minimum. The WinBuilder version requires approximately 1GB of RAM to function as far as I am aware.
This web site will attempt to highlight how to build the Lite version of WinFE, including where to obtain any dependencies that are required by WinFE Lite.