Thursday, March 29, 2007

Security tools: BartPE - Bootable Windows on a CD

I'm attending offsite training this week, and the class is full of people who do security work for their organizations. A frequent topic is how their organizations do things, and what tools they use to do their jobs.

I was startled to learn that some of my classmates had never heard of BartPE, which is a tool that any security staffer who works with Windows systems or needs a bootable Windows toolkit should have.

What is BartPE? It is a "Preinstalled Environment", which doesn't tell you much up front. In short, it is a Windows environment (XP or 2003) packaged to run from a CD, much like a Knoppix live CD. It has a wide variety of plugins that are ready to go, or which can be easily added if you have the appropriate licenses or downloaded free software, and you can add tools of your own quite easily. The advantages of this, including the ability to run Windows-native programs without touching the host system's filesystem, native NTFS support, and familiar Windows tools, will be obvious to anybody who needs to work with Windows systems, whether for recovery, repair, or on-host forensic or incident response work. This is also a useful way to boot Windows on non-Windows systems if you are traveling and need a Windows system on the go, but don't need a fully installed system, or have only non-Windows x86 systems handy.

This is one of the tools that is usable in its basic form (which does require a local build and setup), but which can be a much more powerful tool with some work. Put this one in the list of tools that are worth your time and effort to learn and build before an incident.

