
The X-Ways Forensics Practitioner's Guide

43 Posts
16 Users
0 Reactions
6,981 Views
EricZimmerman
(@ericzimmerman)
Estimable Member
Joined: 13 years ago
Posts: 222
 

We will do our best to get such a list in there! =)


   
bshavers
(@bshavers)
Estimable Member
Joined: 20 years ago
Posts: 211
Topic starter  

Point well taken.

Most likely, even with a list, we'll fall a bit short of direct comparisons to avoid appearing biased or disparaging any other tool. I see the value in showing a side-by-side comparison of features ("this" button in tool A is comparable to "that" button in tool B); however, like Eric mentioned, we want a book based on XWF that shows how to implement XWF as a complementary forensic tool to your current toolset and as your primary tool.

And although the book has "XWF" in the title…we know that even though XWF does just about everything, it doesn't do absolutely everything. Neither does any one forensic tool suite. For any forensic suite that claims to do everything, there is always something in that tool that may be done better with another complementary tool. You need more than one hammer and a pair of pliers in your toolbox…

With that, we will have examples showing how a task is done in XWF combined with other tool suggestions to supplement XWF, such as F-Response or another tool that may extend XWF's capabilities. This is a major deviation in any software manual or book written on one specific tool. We plan to show how you can work virtually any case with XWF as your primary tool plus show examples of using other tools to complement XWF. Any other publication, besides a software manual, that describes only one tool limits your analysis because forcing one tool to accomplish a task that is better suited with another tool isn't the best way to spend your efforts.


   
rwuiuc
(@rwuiuc)
Eminent Member
Joined: 19 years ago
Posts: 24
 

Eric and Brett,

Just a couple of thoughts:

* Intrusion Scenario
* Malware Scenario
* Use of X-Ways with F-Response?
* Internet artifacts?
* Event Logs, the Registry, and other Windows Artifacts?
* Some introduction to using the new X-Tensions API to do some common tasks?

Just some ideas. Looking forward to the book, gents!


   
(@trewmte)
Noble Member
Joined: 19 years ago
Posts: 1877
 

How nice to see both authors come in and chat with forensic forum members. Nice touch lads!

Look forward to your Book.


   
TuckerHST
(@tuckerhst)
Estimable Member
Joined: 16 years ago
Posts: 175
 

Brett, Eric, congrats on getting a book contract for XWF. X-Ways is my main analysis tool, though I have licenses for EnCase and FTK as well. I'm much happier with X-Ways' transparent UI and responsiveness than with either of the heavyweights.

I'm particularly interested in the case studies, chapter 10. While there's value in showing a few meaty examples in detail, I think there's also a need for a broader, simpler approach – perhaps a chapter covering the most common investigation topics. "If you need to do *this*, here's how you can approach it in X-Ways." (followed by a brief description, perhaps some screen shots) I know you said it's not going to be a cookbook, but there is value to breadth as well as depth, which it appears the rest of the book addresses.

Eric, on a separate note, expect an email from me inviting you to be a guest speaker at the U.


   
EricZimmerman
(@ericzimmerman)
Estimable Member
Joined: 13 years ago
Posts: 222
 

Sounds good!

Keep the suggestions coming and let's start a list for those kinds of things here.


   
TuckerHST
(@tuckerhst)
Estimable Member
Joined: 16 years ago
Posts: 175
 

Eric, would you please get in touch with me? The email address (fbi.gov) I have for you bounced. My email is scott.tucker [at] aptegra.com


   
bshavers
(@bshavers)
Estimable Member
Joined: 20 years ago
Posts: 211
Topic starter  

We've created a blog at http://xwaysforensics.wordpress.com for updates to this book. The first chapters are finished, but if there are any suggestions as to what you'd like to see in the book, you can submit them here or in the http://xwaysforensics.wordpress.com blog.

One thing Eric has done is write a GUI application for the automated download, setup, and configuration of X-Ways Forensics, available to licensed users of X-Ways Forensics. A screenshot of Eric's app is on the blog site.


   
bshavers
(@bshavers)
Estimable Member
Joined: 20 years ago
Posts: 211
Topic starter  

I just gave a brief presentation on advanced use of XWF at the 2013 CTIN Digital Forensics Conference in Seattle. The slide deck can be downloaded from the XWF book's blog at http://xwaysforensics.files.wordpress.com/2013/03/xwf.pdf

There are a few neat features about XWF in the ppt that you may not have seen before, and are examples of how the book is being written in how to use XWF.


   
Chris_Ed
(@chris_ed)
Reputable Member
Joined: 16 years ago
Posts: 314
 

Great presentation. Will be especially useful to the folks in my office who haven't done the training yet! Thanks for making it available.


   