Learning X Ways Forensics

Many thanks Brett! Much appreciated.

Thanks Brett! I'm looking at (hopefully) purchasing X-Ways later this year and your guide will be a big help.
KP

"Berners-Lee 'sorry' for slashes" -> http//news.bbc.co.uk/2/hi/technology/8306631.stm

Aha! Not entirely my fault then 😉

I've been an X-Ways user for a year now, and read your guide, which is really nice. I also have a bit of an issue with the X-Ways manual not really helping to define some basic workflows, but I started out in forensics with no automated tools except those developed in house, so I like that X-Ways gives a very fast, clean, raw view of the drive. I use X-Ways to verify the results from all my other forensic tools.

I have some suggestions that you could use or ignore depending on how you feel.

Page 3, Options
Most users in a lab environment will want to change the first 3 items (Temporary files, Image and backup files, and folder for cases and projects) to a drive other than your system drive. If you do civilian work and have rules about dealing with unexpected discovery of contraband, this saves you from having to blow away your system drive after you run across CP.

Page 11, Volume Snapshot
It's worth giving special mention to the "Take new one" checkbox at the top. Checking this will get rid of your old bookmarks and other work. It's basically like restarting your case from scratch. I used this by accident the first time I worked with X-Ways and had to re-do a few hours of work at no charge for my client to get back to where I was beforehand.

Thanks to Brett for the guide, and to Jamie for hosting it.

I would think it rare to work on your case stored on your system drive, but I guess that would be up to how you have your system set up. (I don't do it that way).

For the snapshot, after your take your initial snapshot, and you do not choose all the options, you can go back again and add to your snapshot. I cannot think of a good reason to choose the "Take New Snapshot", because as you mentioned, all that work will be gone. That is a scary button if you have done lots of work.

Sweet…Thanks Brett

hi bshavers,
i am also interested in your work on the quick guide. able to share?

thanks

Its in the download section http//www.forensicfocus.com/computer-forensics-downloads

Thanks.. The guide is wonderful, beginner or not, its good stuff. cheers!

"Berners-Lee 'sorry' for slashes" -> http//news.bbc.co.uk/2/hi/technology/8306631.stm

Aha! Not entirely my fault then 😉

Never being averse to tooting one's own horn, for those who have an interest in the past…

http//chuckwebster.com/2009/06/ehr-workflow/how-i-became-interested-in-ehr-workflow-management-systems

Scroll down to the description of Felix. Then look at

http//www.w3.org/2004/Talks/w3c10-HowItAllStarted/?n=15

It seems that both projects were heavily influenced by NextStep but my boss pulled the plug on our project stating that we weren't in the business of software development.