The X-Ways Forensics Practitioner's Guide

Forensic software discussion (commercial and open source/freeware). Strictly no advertising.

The X-Ways Forensics Practitioner's Guide

Posted: Sat Jan 12, 2013 2:02 pm

Is there something you'd like to see documented in an X-Ways Forensics user book? If so, this is a good time to give suggestions.

Eric Zimmerman and I are writing a book for Syngress titled, "The X-Ways Forensics Practitioner's Guide". The book's tech editor is Jimmy Weg and X-Ways Software Technology AG (Stefan Fleischmann) will be making sure the book contains up to date information.

Eric, Jimmy, and I probably know XWF pretty well, but are open to suggestions from anyone that would like to see more in documentation. Even for anyone who has not yet made the leap to XWF, this book should help ease the transition to XWF as your primary or secondary tool, and we welcome your suggestions too.

Why are we writing a book on X-Ways Forensics?

Mostly because we think it is needed to help the current users of XWF fully exploit the tool and for those that have waited, to stop waiting and start using it.

What will the book be about?

It won't be about how to do forensics or how to do electronic discovery or what is evidence. The book is intended to be focused on how to use X-Ways Forensics, in that if you have a forensic task to accomplish, we'll show you how to do it with XWF. There will be many moments of the book when you will say, "I didn't know XWF could do that" and "so that's how XWF works". We're going to show the magic buttons, case flow suggestions, and inner workings of XWF.

Who is the audience?
You. If you use XWF, you'll really like the book. If you ever thought of using XWF but have been hesitating because of the perception of a high learning curve, this book will be for you. Do you teach forensics with XWF? Then you'll like this book as it will help you to help teach students when using XWF.

We will be done writing in September 2013, with printing starting soon after. Give us your suggestions to make this book fit you.

Brett Shavers  

Last edited by bshavers on Sun Jan 13, 2013 5:32 pm; edited 1 time in total

bshavers
Senior Member
 
 
  

Re: The X-Ways Forensics Practitioner's Guide

Posted: Sat Jan 12, 2013 4:44 pm

Brett,
This is great! Please let us know when we can pre-order the book.

In terms of what to include, I think the summary you gave is what I would be looking for. Something along the lines of what the X-Ways Video Clips has done. Maybe include a section(s) on the programming API piece and how to interact with it in other languages? Or how to do some manual file carving with the product? And by that I mean taking advantage of the Hex view (or even WinHex).

The X-Ways manual is good, but I think it gets too technical for some people looking to make the jump to the product. I know I've read the manual through a few times and there are probably parts of the software I'm still not aware of.

Just my two cents....
_________________
CHFI, CCNA, EnCE
Digital Forensic Analyst 

CdtDelta
Senior Member
 
 
  

Re: The X-Ways Forensics Practitioner's Guide

Posted: Sun Jan 13, 2013 12:13 am

Thanks. Pre-ordering will be a few months before the book is printed and I'll post it when I get the notice of the pre-order release.

There will be some data carving in the book and every tip and trick known in XWF to make it run like a 427 '67 Cobra at full throttle on a sunny day.  

bshavers
Senior Member
 
 
  

Re: The X-Ways Forensics Practitioner's Guide

Posted: Sun Jan 13, 2013 4:00 am

Brett, thanks for the notice about your forthcoming new book. Any guidance is always helpful and welcome.

Have you seen Tim Smith's XWF videoclips blog - xwaysclips.blogspot.co.uk?
_________________
Institute for Digital Forensics (IDF) - LinkedIn
Mobile Telephone Examination Board (MTEB) - LinkedIn
Mobile Telephone Evidence & Forensics trewmte.blogspot.com
ForensicMobex now MTEB Linkedin Subgroup 

trewmte
Senior Member
 
 
  

Re: The X-Ways Forensics Practitioner's Guide

Posted: Sun Jan 13, 2013 8:48 am

This is excellent news. Although the manual is very thorough and is often updated, it is rather impenetrable.

In addition to what's already been mentioned, I increasingly find myself using XWF in small-scale e-discovery and e-disclosure cases, quite often in conjunction with Nuix. Perhaps the book could include a chapter on how XWF can be best utilised in this area.

Maybe also something on using XWF in memory analysis and malware analysis?
_________________
Forensic Control
twitter.com/ForensicControl 

Jonathan
Senior Member
 
 
  

Re: The X-Ways Forensics Practitioner's Guide

Posted: Sun Jan 13, 2013 9:58 am

Brett & Team,
Thank you for doing this. It sounds fantastic.
I've been using XWF for 4 years with great success, but feel I am still missing a lot of its capabilities. And who can keep up with Stefan's constant innovations? In 16.9 Beta, he has added/improved its timeline/chronology capabilities. Please include some info on extracting timelines with XWF. Thanks again.

ballydehob
Member
 
 
  

Re: The X-Ways Forensics Practitioner's Guide

Posted: Sun Jan 13, 2013 4:47 pm

Ted Smith's videos will certainly be referenced more than once.

A case studies chapter will be included with sub-topics such as "Using XWF to Examine Evidence in an IP Theft Investigation" (user activity related to IP theft such as finding USB connections, etc...); "Using XWF in Child Pornography Investigations", etc... I am open to taking any sanitized (no suspect/victim/case names) examples to include in the book (email me at bshavers @ gmail.com).

The inclusion of other utilities (freeware, open source, and commercial) will also be detailed, like how to use XWF with remote tools like F-Response, and using XWF in conjunction with virtual machines as examples. The purpose is to give clean, tested workflow options using XWF and tools supporting XWF.

This is a tentative table of contents.

Introduction – Overview of XWF

Chapter 1: Setting up XWF
(installations, options, etc…)

Chapter 2: Case Flow
(working with evidence)

Chapter 3: Case Flow
(snapshots, file header searches, custom carving, etc…)

Chapter 4: Analysis
(OS artifacts, system files, metadata, editing templates, email, etc…)

Chapter 5: Searches
(indexed, GREP, simultaneous, hex values)

Chapter 6: Advanced Features
(maneuvering in hex, free/slack space, RAM/memory analysis, scripts/X-Tensions API, external analysis interface, etc…)

Chapter 7: Reporting
(tagging, adding, commenting, customizing, adding timelines)

Chapter 8: Triage/Preview Methods
(write protecting evidence, live machines, forensic OS boot with WinFE)

Chapter 9: Electronic Discovery and X-Ways Forensics
(bates numbering, searching/producing responsive native files/printed copies, creating and exporting spreadsheet listing of responsive files, etc…)

Chapter 10: Case Studies and Usage
(using XWF with specific case types, such as IP theft, CP investigations, user activity, etc…)

Chapter 11: X-Ways Software Applications Overview
(X-Ways Investigator, Capture, etc…)

Last edited by bshavers on Fri Jan 18, 2013 4:33 pm; edited 1 time in total

bshavers
Senior Member
 
 