The X-Ways Forensics Practitioner's Guide

Forensic software discussion (commercial and open source/freeware). Strictly no advertising.

Posted: Sat Jan 12, 2013 7:02 pm

Is there something you'd like to see documented in an X-Ways Forensics user book? If so, this is a good time to give suggestions.

Eric Zimmerman and I are writing a book for Syngress titled, "The X-Ways Forensics Practitioner's Guide". The book's tech editor is Jimmy Weg and X-Ways Software Technology AG (Stefan Fleischmann) will be making sure the book contains up to date information.

Eric, Jimmy, and I probably know XWF pretty well, but are open to suggestions from anyone that would like to see more in documentation. Even for anyone that has not yet made the leap to XWF, this book should help ease the transition to XWF as your primary or secondary tool, and we welcome your suggestions too.

Why are we writing a book on X-Ways Forensics?

Mostly because we think it is needed to help the current users of XWF fully exploit the tool and for those that have waited, to stop waiting and start using it.

What will the book be about?

It won't be about how to do forensics or how to do electronic discovery or what is evidence. The book is intended to be focused on how to use X-Ways Forensics, in that if you have a forensic task to accomplish, we'll show you how to do it with XWF. There will be many moments of the book when you will say, "I didn't know XWF could do that" and "so that's how XWF works". We're going to show the magic buttons, case flow suggestions, and inner workings of XWF.

Who is the audience?
You. If you use XWF, you'll really like the book. If you ever thought of using XWF but have been hesitating because of the perception of a high learning curve, this book will be for you. Do you teach forensics with XWF? Then you'll like this book as it will help you to help teach students when using XWF.

We will be done writing in September 2013, with printing starting soon after. Give us your suggestions to make this book fit you.

Brett Shavers  

Last edited by bshavers on Sun Jan 13, 2013 10:32 pm; edited 1 time in total

Senior Member

Re: The X-Ways Forensics Practitioner's Guide

Posted: Sat Jan 12, 2013 9:44 pm

This is great! Please let us know when we can pre-order the book.

In terms of what to include, I think the summary you gave is what I would be looking for. Something along the lines of what the X-Ways Video Clips has done. Maybe include a section(s) on the programming API piece and how to interact with it in other languages? Or how to do some manual file carving with the product? And by that I mean taking advantage of the Hex view (or even WinHex).

The X-Ways manual is good, but I think gets too technical for some people looking to make the jump to the product. I know I've read the manual through a few times and there's probably parts of the software I'm still not aware of.

Just my two cents....
Digital Forensic Analyst 

Senior Member

Re: The X-Ways Forensics Practitioner's Guide

Posted: Sun Jan 13, 2013 5:13 am

Thanks. Pre-ordering will be a few months before the book is printed and I'll post it when I get the notice of the pre-order release.

There will be some data carving in the book and every tip and trick known in XWF to make it run like a 427 '67 Cobra at full throttle on a sunny day.  

Senior Member

Re: The X-Ways Forensics Practitioner's Guide

Posted: Sun Jan 13, 2013 9:00 am

Brett, thanks for the notice about your forthcoming new book. Any guidance is always helpful and welcome.

Have you seen Tim Smith's XWF videoclips blog - xwaysclips.blogspot.co.uk?
Institute for Digital Forensics (IDF) - www.linkedin.com/groups/2436720
Mobile Telephone Examination Board (MTEB) - www.linkedin.com/groups/141739
Universal Network Investigations - www.linkedin.com/groups/13536130
Mobile Telephone Evidence & Forensics trewmte.blogspot.com 

Senior Member

Re: The X-Ways Forensics Practitioner's Guide

Posted: Sun Jan 13, 2013 1:48 pm

This is excellent news. Although the manual is very thorough and is often updated, it is rather impenetrable.

In addition to what's already been mentioned, I increasingly find myself using XWF in small-scale e-discovery and e-disclosure cases, quite often in conjunction with Nuix. Perhaps the book could include a chapter on how XWF can be best utilised in this area.

Maybe also something on using XWF in memory analysis and malware analysis?
Forensic Control
Studio 314, Vox Studios, 1-45 Durham Street, London, SE11 5JH 

Senior Member

Re: The X-Ways Forensics Practitioner's Guide

Posted: Sun Jan 13, 2013 2:58 pm

Brett & Team,
Thank you for doing this. It sounds fantastic.
I've been using XWF for 4 years with great success, but feel I am still missing a lot of its capabilities. And who can keep up with Stefan's constant innovations? In 16.9 Beta, he has added/improved its timeline/chronology capabilities. Please include some info on extracting timelines with XWF. Thanks again.


Re: The X-Ways Forensics Practitioner's Guide

Posted: Sun Jan 13, 2013 9:47 pm

Ted Smith's videos will certainly be referenced more than once.

A case studies chapter will be included with sub-topics such as "Using XWF to Examine Evidence in an IP Theft Investigation" (user activity related to IP theft such as finding USB connections, etc...); "Using XWF in Child Pornography Investigations", etc... I am open to taking any sanitized (no suspect/victim/case names) examples to include in the book (email me at bshavers @ gmail.com).

The inclusion of other utilities (freeware, open source, and commercial) will also be detailed, like how to use XWF with remote tools like F-Response, and using XWF in conjunction with virtual machines as examples. The purpose is to give clean, tested workflow options using XWF and tools supporting XWF.

This is a tentative table of contents.

Introduction – Overview of XWF

Chapter 1: Setting up XWF
(installations, options, etc…)

Chapter 2: Case Flow
(working with evidence)

Chapter 3: Case Flow
(snapshots, file header searches, custom carving, etc…)

Chapter 4: Analysis
(OS artifacts, system files, metadata, editing templates, email, etc…)

Chapter 5: Searches
(indexed, GREP, simultaneous, hex values)

Chapter 6: Advanced Features
(maneuvering in hex, free/slack space, RAM/memory analysis, scripts/X-Tensions API, external analysis interface, etc…)

Chapter 7: Reporting
(tagging, adding, commenting, customizing, adding timelines)

Chapter 8: Triage/Preview Methods
(write protecting evidence, live machines, forensic OS boot with WinFE)

Chapter 9: Electronic Discovery and X-Ways Forensics
(bates numbering, searching/producing responsive native files/printed copies, creating and exporting spreadsheet listing of responsive files, etc…)

Chapter 10: Case Studies and Usage
(using XWF with specific case types, such as IP theft, CP investigations, user activity, etc…)

Chapter 11: X-Ways Software Applications Overview
(X-Ways Investigator, Capture, etc…)

Last edited by bshavers on Fri Jan 18, 2013 9:33 pm; edited 1 time in total

Senior Member
