![how to run prodiscover basic as administrator how to run prodiscover basic as administrator](https://naiwaen.debuggingsoft.com/blog/wp-content/uploads/2013/11/2.jpg)
- How to run prodiscover basic as administrator drivers#
- How to run prodiscover basic as administrator windows#
As neat as WinFE sounded and looked, I just didn’t put a lot of effort into it as I didn’t see the value of building the disk it at the time compared to what I was already using. Granted, at the time, I was quite content with the then current system of using hardware write blockers, an occasional use of a hardware imaging tool, and the even fewer occasions of using a variety of forensic Linux boot CDs.
How to run prodiscover basic as administrator windows#
I followed Troy Larson’s (of Microsoft fame) instructions of creating a bootable Windows Forensic Environment CD a few years ago.
![how to run prodiscover basic as administrator how to run prodiscover basic as administrator](https://www.windowscentral.com/sites/wpcentral.com/files/styles/xlarge/public/field/image/2018/10/always-run-administrator-windows-10_.jpg)
My suggestion is that if you are looking for a forensic boot CD that can do so much more than just image, then the time you spend making your own will not only be worth it, but you will wonder why you also hesitated so long as well. My only regret is not having done this sooner. However, after several failures with my favorite Linux Boot CD (which was not free…), I committed myself to try the WinFE. Probably the hesitation I had in even thinking to get started creating a WinFE CD was the fear of how much time, effort, and testing to get it right, particularly since there are so many freely downloaded Linux Boot CDs.
How to run prodiscover basic as administrator drivers#
Given the vast number of examiners being more proficient with Windows than Linux, the ease to which the WinFE CD can be modified with drivers and software compared with a Linux CD cannot be overstated. So here comes WinFE, comparable to many of the forensic Linux Boot CDs, with one important difference it’s not a Linux Operating System…it’s Windows! This is not a small point because many of your everyday Windows forensics applications can be run on the WinFE disk whereas with the Linux CD, you must accept only those applications that run on Linux. Understanding the Neatness Factor of Windows Forensic Environment Why would anyone want to image through Windows at 1 or 2 GB/min when you can directly image at up to 7GB per minute with a hardware device? You have to look a little closer at WinFE to get the answer. With the hardware imaging devices of advertised speeds up to 7GB per minute, imaging through Windows may have also started down the road to being obsolete. Given the loss of floppy drives in newer computers coupled with the speed of imaging in Windows with hardware write blockers, it was only a short matter of time before DOS boot disks went the way of the dinosaur. An entire 1.44mb of storage space to be had storing all the forensic apps you could squeeze onto it. Placed into the suspect computer floppy disk drive, the hard drive could be accessed and imaged at the speed of…DOS. It is not a complete replacement for every imaging tool, but certainly deserves its place in your toolbox.In the beginning….there was the forensic DOS floppy boot disk. Many current forensic software applications can be run in this environment where imaging, analysis, or triage can be done without altering the evidence drive. Figure 1: As a quick introduction to the Windows Forensics Environment (WinFE) it is a bootable CD, based on the Windows Pre-Installed Environment (PE), with a few changes to create a forensically sound boot CD in which a variety of forensic tasks can be conducted on a suspect machine.