ogmini - Exploration of DFIR

Having fun while learning about and pivoting into the world of DFIR.

About Blog Research CTF/Challenge GitHub RSS

28 May 2025

WinFE Training - Completed

by ogmini

Took a little bit longer than expected to finish the WinFE training and take the exam. I started this whole thing back on May 14th… https://ogmini.github.io/2025/05/14/WinFE-Training.html Got sidetracked a bunch looking at Remote Desktop Manager.

Some quick thoughts follow about the training. I like that you have to build WinFE using two different processes. I prefer the Colin Ramsden version from https://www.winfe.net/. Mini-WinFE from https://github.com/MistyFromReboot/Mini-WinFE is much easier if you prefer GUIs.

I very much appreciate that the training requires you to build WinFE and validate the write protection by writing a PDF document of your testing process and results. You need to make sure that the WinFE USB/CD you create won’t erroneously write to the disk. Hash comparisons, writing to the disk, formatting the disk, and other tests can be performed to verify the write protect is working as expected.

The exam was pretty straightforward and helps to reinforce the key points of using a tool like WinFE. Happy to finally finish the training and obtain the certification.

winfe cert

I do intend on taking the instructor course.

tags: training - WinFE