It seems that both projects were heavily influenced by NextStep but my boss pulled the plug on our project stating that we weren't in the business of software development.
Good call - this browsing business will never take off lol
I started using X-Ways about a year and a half ago. I had no training and no Quickstart Guide (thanks for coming up with one, even if it was late for me, Brett). So I had to learn by digging. Initially, I used it to validate other work, but as I discovered more and more of the features and capabilities, I used it more and more. At one point, I was discovering something new every three days or so.
One thing that is pretty neat about X-Ways can be seen in the bottom image on page 9 of Brett's guide. Notice the check box he has checked that reads "Replace evidence object with image".
Yes, that's right: open a drive, dig around, check some items, add some comments, then image the drive. X-Ways will automatically replace the drive/media with the image when the imaging process completes... and it will keep the triaging work you did BEFORE imaging.
Someone mentioned the "Take New One" checkbox in relation to the "Refine Volume Snapshot" and how this will blow away your work. This is correct; however, if you've done this accidentally, then simply open the last backup of the case. Presto, you've got your case back. Make sure you have the options set to keep *at least* three backups.
My two favorite features are
1) the filtering capabilities, and in particular, the ability to save filters for use over and over, and
2) the Extract Internal Metadata; you will be amazed at the various file types that this works on. A short list is MS Office, PDF, JPG, LNK, Vista Recycle Bin Info files ($I…..).
I've used this tool for 3 years on one case and even I learned a few things today. Thanks!!!
Looks like there is a 30 minute training session hosted by Brett Shavers and Matt Shannon tentatively scheduled for Oct 26 at 8am EST.
Found the info on the F-Response blog here
http//
Wow, I just realized that when you use F-Response with X-Ways and reach out to triage a drive on the network, the power of the "Replace evidence object with image" is significant.
Anyone interested in joining in on the 30 minute F-Response/XWF online training demo, please send me an email. It's limited to only 16 people, but it'll be recorded to view afterward. And thanks to Matt for setting this up!
bshavers@gmail.com
I'll send out the invite after I get the first 16 responses.
Brett
And to clarify on the time, it will be 8am Pacific time, Oct 26th. There are a few spots open for anyone wanting to join (send me your email address and I'll add you to the training).
Brett
Thanks to Brett Shavers for putting this on, and thanks to Matt Shannon from F-Response for hosting it.
Although I didn't really learn anything new about X-Ways, I was self-taught on using X-Ways (or to put it another way, I researched and developed my own methodology for it, and validated its performance myself) and it was good to see others are using it in the same way.
It was interesting to see it tie in with F-Response like that.
Just as an aside - what are some of the more obvious differences between 13 and 15? I am still using 13 and want to review Mr. Shavers' lesson but want to make sure the information will pertain to the version that I have.
On the
Simply, there are some really good features that have been added since, well worth the cost to update from 13 to 15, and the cost isn't that much for an update or a full license compared to others. The best feature (that I like), which has not changed, is that XWF is light (practically can fit and run from a CD or small flash drive) and it's fast.
And no, I don't work for X-Ways, but I certainly enjoy using the product. If I like something, I say so; if not, same thing. The truth (or opinion) is what it is. XWF is probably the only app I know that I can throw into nearly any machine, without installation, and have it get what I need in a few minutes, in a full-fledged forensic application.