WinTaylor is a collection of tools for analyzing or troubleshoothing a PC. WinTaylor itself is a GUI launchboard for several other tools.
Positive:
- No installation needed, just execute from USB
- In overall, good collection (nirsoft, sysinternals etc.)
- Source code available
Please note that there are more free (and open source) tools and utilities in the area. WinTaylor provides some nice tools in an easy form (USB).
From CAINE site:
CAINE (Computer Aided INvestigative Environment) is an Italian GNU/Linux live distribution created as a project of Digital Forensics.
The distro is open source, the Windows side (Wintaylor) is open source.
WinTaylor is the new forensic interface built for Windows and included in CAINE Live CD. It is written in Visual Basic 6 to maximize compatibility with older Windows systems, and provides an internal set of well-known forensic programs.
WinTaylor proposes a simple and complete forensic software integration and inherits the design philosophy of CAINE.
Installation
WinTaylor is included in the NBCAINE image (CAINE for NoteBook). Installation of the image into USB can be done with Win32 Disk Imager tool.
List of Tools
The table below list the tools which can be launched from the GUI.
| System Info | \Programs\tools\msi.exe |
| FTK Imager | \Programs\imager\ftkimager.exe |
| Hex Editor | \Programs\hexedit.exe |
| USB Write Blocker | \Programs\usbwriteprotect.exe |
| Hash Calculator | \Programs\tools\nirsoft\HashMyFiles.exe |
| WinAudit | \Programs\winaudit.exe |
| PC On/Off | \Programs\pctime\pconofftime.exe |
| Photorec | \Programs\photorec_win.exe |
| USB Devices | \Programs\tools\nirsoft\usbdeview |
| Take a snapshot | \Programs\MWSnap.exe |
| DriveManager | \Programs\tools\Driveman.exe |
| Whois | \Programs\whoistd.exe |
| RAM Dump | \Programs\ram\ |
| File Analyzer | \Programs\tools\wfa.exe |
| NirSoftMegaReport | \Programs\tools\nirsoft\nmr.bat |
| Testdisk | \Programs\testdisk_win.exe |
| Lan Scanner | \Programs\als\PortScan.exe |
| Recuva | \Programs\tools\cygwin\recuva.exe |
| More Tools | \Programs\tools |
In addition, there are more utilities behind the “More Tools” button. Some of them are listed in the table below.
| \Programs\tools\Cygwin: | Date, dd, dos2unix, file, hexedit, hostname, less | |
| \Programs\tools\fau: | dd, volume_dump, wipe, netcat | |
| \Programs\tools\nirsoft: | CurrPorts, DevManView, IECookiesView, IEHistoryView, InstalledCodec, ProcessActivityView, ProduKey, RecentFilesView, ServiWin |
|
| \Programs\tools\sysinternals: | Desktops, Process Explorer, Process Monitor, Pstools: pslist, psinfo …, Ram map, Rootkitrevealer, TCPview, Vmmap |
|
| \Programs\tools\unxutils: | Bunzip2, grep,Wget |
Examples
NirSoftMegaReport creates an HTML output, which is easy to browse, see below:
Winaudit screenshot:
Process Monitor screenshot:
Please note, that the functionality of WinTaylor type of launchboard could be made with GUI automation tool as well (AutoIt).