I am new to computer forensics and recently purchased X Ways’ forensic license, I am tying to learn the software. Since I missed the class in Washington DC, I am using the manual. Are there are any “how to” or quick reference guides out there to get the learning going? Anything to help me move around in the software.
The manual is killing me, please help.
Thank you,
Rizwan
We've got a short video posted on our site on using F-Response and X-Ways. Trust me, there's a good bit more on X-Ways than F-Response. It's a start, also hopefully Brett Shavers will pop up, he's my go to guy for X-Ways.
http//
It's about 1/2 to 3/4 down the page, look for F-Response Enterprise Edition and X-Ways Forensics.
Enjoy!
I'll type up a 'quick start guide' for you, real quick like and send it to you. (I have something somewhere, but I'll update for the current XWF version when I dig it up).
I wouldn't mind taking a look at that too, Brett, if it's OK with you?
Jamie
I'll make it pretty then 😉
Brett,
This is a timely thread. We have used Encase exclusively and just purchased X-ways. Would you mind sharing the "quick start guide"?
Thanks
No need, I'm not fussy 😉
The manual is killing me, please help.
I'd agree - the manual is not good at all, pretty much unintelligible.
I have had X-Ways since March when I attended the training but have not had had real chance to sit down with it since then. I fired it up a couple of weeks back and can add images, refine the case etc but really wish there was a well written guide to it as I know it's a very powerful application and know I'm not using it to its full potential.
Brett, I'd be grateful if you could send me copy of your paper too. Thanks in advance.
Greetings for Indianapolis
Thank you fresponse_s and bshaver, I am looking forward to the video and reading the doc. I also noticed that five quick reference guides available on X Ways site are outdated too. Jamie you seem to know Stefan, can he be influenced to rework the manual? That’s too bad that a well-respected software image is being minimized due to lack of a good documentation.
Thanks,
Rizwan
I sent Jamie that which I just wrote up as a QuickStart to XWF. The XWF manual is different from other forensic software manuals, but it does contain quite a bit, if not everything you need to use XWF. I do not market this quickstart guide as the 'be all solution' for understanding X-Ways Forensics, but rather something to get a case started, processed, and reported, just that what you barely need to know. If you go through one case with XWF, you'll have a good idea of what you can do with some practice.
I don't think the XWF manual is the reason that some avoid using XWF as much as they could to the point of avoiding using it at all. Unlike the other tools, there isn't a button that says, "Email" or other simple interfaces to see the data organized in a certain way. You really have to take a look at the data as XWF sees it and presents it to you. Once you get into that mode of what to expect and how to get the data out of what you are looking at, it becomes just as quick and easy as any other forensic tool.
When you use XWF enough alongside your other tools to validate findings, you will find yourself eventually using XWF solely for certain tasks because of how well it performs.
There are some things that XWF just isn't well suited for, such as using it for internet forensics. That is not one of the strong points when compared to other tools that do that well. But for just about everything else, XWF is fast, light, and accurate. And one of my best likes about XWF is that it can be run on external media, without being installed on a system. Its hard to believe such a forensic tool like XWF can be carried around on a flashdrive, plugged into a live system, and have the capabilities it does.