===============================================================
readme.txt
===============================================================
Windows Forensic Toolchest(TM) (WFT) v3.0.08 (2014_03_16)
Copyright (C) 2003-2014 Monty McDougal. All rights reserved.
URL: http://www.foolmoon.net/security/
EMAIL: wft(at)foolmoon(dot)net
===============================================================
===============================================================
README
===============================================================
See license.txt for License Terms
See usage.txt for command-line options
See history.txt for version history and what is new
See md5sum.txt to verify file integrity of this release
See wft.cfg for configuration file format
===============================================================
===============================================================
QUICK START
===============================================================
This is the quick and dirty guide to using WFT (Commercial).
For the non-commercial version you have to download the tools
manually.

Note that the config file provided with WFT is an example.  It
is intended that the end user customize it to their needs.
Info on the config file format is in the config file.

1.  Download and extract WFT (http://www.foolmoon.net/security/)
2.  Download and burn a HELIX CD (http://mirrors.cmich.edu/helix/)
3.  Run 'wft.exe -fetchtools' (on each OS for WFT)
4.  Only after doing the above, place the HELIX CD in the CDROM drive
5.  Run 'wft.exe -fetchtools' (after running on all OSes)
6.  Run 'wft.exe -fixcfg wft.cfg wft_cfg.new'
7.  Run 'move wft_cfg.new wft.cfg'
8.  Run 'wft.exe -interactive' and make sure things work
9.  Copy WFT and tools to appropriate CD / thumb drive and enjoy
===============================================================
===============================================================
ABOUT WINDOWS FORENSIC TOOLCHEST(TM) (WFT)
===============================================================
The Windows Forensic Toolchest(TM) (WFT) is designed to provide
a structured and repeatable automated Live Forensic Response, 
Incident Response, or Audit on a Windows system while collecting
security-relevant information from the system. WFT is essentially
a forensically enhanced batch processing shell capable of running
other security tools and producing HTML based reports in a 
forensically sound manner.

A knowledgeable security professional can use WFT to help look for
signs of an incident or intrusion, or to confirm computer misuse or
configuration. WFT produces output that is useful to the admin
user, but is also appropriate for use in court proceedings. It
provides extensive logging of all its actions and computes
MD5/SHA1 checksums along the way to ensure that its output is
verifiable. The primary benefit of using WFT to perform incident
response or audits is that it provides a simplified way of
scripting such activities using a sound methodology for data
collection.
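
The methodology described above (hash the tool, run it, save and
hash its output, log every step so the result can be re-verified
later), sketched as an added Python example. This is not WFT's
code or log format: the JSON-lines log, the function names, and
the Python interpreter standing in for a collection tool are all
assumptions made for illustration.

```python
import hashlib, json, subprocess, sys, tempfile, time
from pathlib import Path

def digests(path):
    """Return the MD5 and SHA1 of a file, read in chunks."""
    md5, sha1 = hashlib.md5(), hashlib.sha1()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            md5.update(chunk)
            sha1.update(chunk)
    return {"md5": md5.hexdigest(), "sha1": sha1.hexdigest()}

def collect(tool, args, out_path, log_path):
    """Hash the tool, run it, save its stdout, hash that, log it all."""
    record = {"utc": time.strftime("%Y-%m-%dT%H:%M:%SZ", time.gmtime()),
              "tool": str(tool), "args": list(args),
              "tool_hash": digests(tool)}  # hashed before execution
    proc = subprocess.run([str(tool), *args], capture_output=True)
    Path(out_path).write_bytes(proc.stdout)
    record.update(exit_code=proc.returncode, output=str(out_path),
                  output_hash=digests(out_path))
    with open(log_path, "a", encoding="utf-8") as log:
        log.write(json.dumps(record) + "\n")  # hypothetical log format
    return record

def verify(log_path):
    """Re-hash every logged output; return paths that no longer match."""
    bad = []
    for line in Path(log_path).read_text(encoding="utf-8").splitlines():
        rec = json.loads(line)
        out = Path(rec["output"])
        if not out.is_file() or digests(out) != rec["output_hash"]:
            bad.append(rec["output"])
    return bad

def demo():
    """Constructed run: collect once, verify, tamper, verify again."""
    with tempfile.TemporaryDirectory() as d:
        out, log = Path(d, "out.txt"), Path(d, "collect.log")
        collect(sys.executable, ["-c", "print('constructed sample')"],
                out, log)
        clean = verify(log)
        out.write_bytes(out.read_bytes() + b"tampered")
        return clean, verify(log) == [str(out)]

if __name__ == "__main__":
    print(demo())
```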

I welcome any suggested features or changes or additional tool 
suggestions. Feedback from users of WFT would be greatly 
appreciated.

===============================================================
===============================================================
ACKNOWLEDGEMENTS
===============================================================
I would like to thank Rob Lee, Don Murdoch, and the SANS
Institute for helping make Windows Forensic Toolchest(TM) (WFT) 
so popular by including it in a number of the SANS courses.
Additionally, I would like to provide special thanks to Don
Murdoch, Jennifer Kolde, Doug Hitchen, Drew Fahey, Christopher
Davis, Jason DePriest, Juergen Seeger, and Sebastian Krause for
their suggestions, configuration file enhancements, and Beta
testing efforts that have helped improve the usefulness of WFT.
===============================================================
===============================================================
ABOUT THE AUTHOR
===============================================================
Monty McDougal has been working in the computer security field 
for the last 12+ years. Before that, he spent another 5 years 
working in and around the computer industry performing tasks 
ranging from programming to system administration. Monty has an 
extensive programming background in web development, security
architecture and design, security assessments, and auditing.
Monty currently works for a large government contractor as a 
Senior Security Engineer.

Monty holds the following major degrees and certifications: 
BBA in Computer Science / Management (double major) from 
Angelo State University, MS in Network Security from Capitol 
College, CISSP, ISSEP, ISSAP, GIAC Certified Incident Handler 
(GCIH), GIAC Certified Forensic Analyst (GCFA), GIAC Certified
UNIX Security Administrator (GCUX), GIAC Certified Windows 
Security Administrator (GCWN), GIAC Reverse Engineering Malware
(GREM), GIAC Security Essentials (GSEC), GIAC Auditing Wireless
Networks (GAWN-C) and serves on the SANS Advisory Board.
===============================================================
