Apologies - Totally new to this
Apologies - Totally new to this
I have booted to the CAINE CD, but want to use the WinTaylor part. Where do I find it?
Or do I have to run it from somewhere else?
UKTonyK- Number of posts : 3
Registration date : 2009-11-23
Re: Apologies - Totally new to this
WinTaylor is the forensic live analysis and acquisition part for MS Windows systems that the investigator finds up and running.
In these cases it is possible that the investigator decides to carry out an analysis of the live system to acquire data that would be lost with the shutdown.
WinTaylor can also be used for image acquisition on those MS Windows systems on which booting from the live CD fails, due to their hardware, or in those cases (hospital server, etc.) where you cannot turn off the system.
Re: Apologies - Totally new to this
So how do I start WinTaylor?
Do I have to boot up the system, log in and then run WinTaylor from the CAINE CD?
Many Thanks
UKTonyK- Number of posts : 3
Registration date : 2009-11-23
Re: Apologies - Totally new to this
This is the idea:
The investigator arrives at the crime scene, where there is an MS Windows system up.
According to the investigator's assessment, it is important to capture the volatile data present on that Windows system, so the investigator inserts the CD with WinTaylor and uses the tools present on it.
If a system is off, the volatile data are already lost. Hopefully, you can think of virtualization and use WinTaylor to extract the information that is not accessible from Linux when working on the forensic image.
Re: Apologies - Totally new to this
I understand now. Apologies, I thought the WinTaylor suite was available as part of the utilities after booting from the Live CD.
Is it possible to run such utilities as USBDeview from the CAINE Boot CD, whilst not on a live session?
UKTonyK- Number of posts : 3
Registration date : 2009-11-23
Re: Apologies - Totally new to this
You can install RegRipper, which at present is not included in CAINE.
We are thinking of making a Big CAINE (CAINE on live DVD) with more tools, like RegRipper and others.
For now, you can put your forensic image in LiveView to virtualize that system, and use NirSoft, or other, tools on it.