XWays Forensics


moodhairboy
Member
 

XWays Forensics

Post Posted: Aug 06, 10 21:47

Has anyone ever had a problem with evidence they collected with Xways Forensics being questioned in court? I guess the question really is, was the tool questioned? I get the impression that a lot of US Law Enforcement agencies use Encase or FTK for their analysis tools. I could be wrong and if I am please correct me. I'm interested in what is the most prevalent tool.
 
  

armresl
Senior Member
 

Re: XWays Forensics

Post Posted: Aug 06, 10 23:44

Search would have been good for this topic; it is for sure in the top 3 questions asked.

You can use whatever tool you would like to use. It's what YOU do, the steps you take, the results you get which define why you are in court.

IMHO I think that the person gets questioned more than the tool, this wasn't the case 10-15 years ago, but pretty much is now.

I'm guessing that you are new to the field and haven't testified yet in court.

The majority of cases where ESI comes into play use Encase or FTK, but there are also a plethora of tools out there including X ways which no one has any reason to believe aren't as good as each of the two previously mentioned tools.

Some people use nix tools, some people win tools, others have scripting knowledge and create their own scripts to extract information. If you can do that and explain yourself then there are no issues.

If you end up thinking that you will use a tool because someone else used it and was successful through which you will be successful, then you would be mistaken. An intimate knowledge of a tool (and even training on a specific tool) go a long way to helping a judge, jury, peers that you have the required knowledge.

Many times two sides will use the same tools and while the data will be the same the interpretation of the data will be totally different, hence the 2 experts arguing back and forth about placement of files, causes for times, etc.
_________________
Why order a taco when you can ask it politely?

Alan B. "A man can live a good life, be honorable, give to charity, but in the end, the number of people who come to his funeral is generally dependent on the weather. " 
 
  

bshavers
Senior Member
 

Re: XWays Forensics

Post Posted: Aug 06, 10 23:54

I've used XWF in nearly every case I've done to either supplement/validate work done with FTK, Encase, or other tools. I have also used XWF extensively as the primary forensic tool used in civil and criminal cases, in both the public and private sector. This includes imaging with XWF through testifying in court.

I never had an issue in any case about XWF and I believe that if any issues were brought up, side by side, XWF will give either the same information as other tools or even a little bit more.

The 'most prevalent tool' can be different for the type of analysis you are doing. Some forensic suites don't look at internet history as well as a specific internet history tool will. In that case, the 'internet history tool' is probably a more prevalently used tool for internet history. Same with registry analysis...same with email analysis....same with....  
 
  

afpffi
Newbie
 

Re: XWays Forensics

Post Posted: Aug 07, 10 05:00

Hi moodhairboy, Nice to see another Florida examiner here.
I have been using XWF for about a year now and also use it to validate work done with FTK and Encase. For the price, it is a nice alternative. Just an FYI, I recently worked on a Defense case and was surprised to discover Homeland Security conducted their examination with XWF. I find XWF being adopted by LEO more and more.
 
  

moodhairboy
Member
 

Re: XWays Forensics

Post Posted: Aug 07, 10 07:31

- armresl
Search would have been good for this topic; it is for sure in the top 3 questions asked.



You are correct. It wasn't 10 minutes later that I found a thread from a newbie about different Linux distros and a lot of my questions were answered in one way or another. I like X-ways a lot, just find that I seem to be the only one using it other than one other guy here in Orlando.

Hopefully no harm done with my question.  
 
  

moodhairboy
Member
 

Re: XWays Forensics

Post Posted: Aug 07, 10 07:37

- bshavers
I've used XWF in nearly every case I've done to either supplement/validate work done with FTK, Encase, or other tools. I have also used XWF extensively as the primary forensic tool used in civil and criminal cases, in both the public and private sector. This includes imaging with XWF through testifying in court.



You wouldn't be the guy that produced the white paper on how to use Xways, would you? If so, thanks a lot, it was very helpful. I'm currently trying out different Linux distros:

1. Deft 5.1
2. Caine 1.5
3. Sans WS
4. Helix 3 Pro (Yeah, I was an idiot and got a 1yr subscription)

and a few others that I can't remember. Do not have access to Encase or FTK so my experience is only with X-ways and I have found it appropriate so far. I have numerous specific tools that I use for password recovery locally and across the network and was wondering what other tools folks use in their toolbox. Private emails to barryinorlando at gmail.com are fine if folks don't want to clutter up this thread. Otherwise happy to learn.

Barry

Black Zebra Technologies
www.blackzebrainc.com  
 
  

moodhairboy
Member
 

Re: XWays Forensics

Post Posted: Aug 07, 10 07:39

- afpffi
Hi moodhairboy, Nice to see another Florida examiner here.
I have been using XWF for about a year now and also use it to validate work done with FTK and Encase. For the price, it is a nice alternative. Just an FYI, I recently worked on a Defense case and was surprised to discover Homeland Security conducted their examination with XWF. I find XWF being adopted by LEO more and more.


Nice to see another Floridian as well. Where are you located? I've been working on one IRS / DOJ case for 3 years with both criminal convictions and civil actions in play at the same time. Some days are dull, others are not so much.

Barry  
 

Page 1 of 5