
x-ways forensics software package

tibbs66
(@tibbs66)
Eminent Member
Joined: 16 years ago
Posts: 38
Topic starter  

I am wondering if anyone on the boards regularly uses X-Ways Forensics (non-demo version) and what are some thoughts on it.
I am considering using this to do the practical examinations for the CCE certification.
Any comparisons to FTK (the demo version) would be great too!

Thanks!


   
(@craigball)
Active Member
Joined: 20 years ago
Posts: 7
 

I routinely use X-Ways Forensics (Specialist edition) as my tool of choice in examinations. In my opinion, there is no more flexible, powerful or effective digital forensics suite on the market than XWF. There is simply no better carving, filtering or search tool right now among the leading suites. Moreover, it is supported one-on-one by the developer with an exacting commitment to perfection that is second-to-none. Stefan stomps out bugs like an exterminator on steroids and ensures that whatever XWF does, it does in a rational and exacting way. Where other tools add customer-requested features now-and-then, Stefan often adds them within days or weeks of the request.

There's not much support hand holding (fools are not suffered gladly), and XWF is surely not the super-simplified "Find Evidence" tool others promise; but, I suspect that it's the tool to be beaten for use by anyone who learned to do forensics at the hex level and needs a tool capable of undertaking nearly any task.

Now, add to all of the above that XWF is the least costly by far of the three major suites, and you will appreciate my enthusiasm. EnCase and FTK are both fine products in their latest releases–by all means buy them, too–but don't expect them to be XWF.

Good luck on your CCE.


   
(@walkabout_fr)
Trusted Member
Joined: 19 years ago
Posts: 67
 

Hi Tibbs

I totally agree with Craigball's opinion.

I've never used FTK much, but I was trained on EnCase, and the beginnings on X-Ways were a bit hard, but it is now my first choice for analysis and I discover new possibilities every day.

+1 for Stefan's commitment and responsiveness and most of what's been said before.

A couple of extra remarks:

- Gallery view of pictures is a real pleasure compared to EnCase.
- One thing X-Ways lacks is some kind of scripting capability (EnScripts / ProDiscover scripts).
- X-Ways allows you to fine-tune the software to your needs and preferences, almost in every possible way. That means that you have to be careful with what you're doing, or you might miss evidence by having certain options selected.
- While other tools are more "user-friendly" and automated, X-Ways also helps you in doing manual analysis (MFT colouring is a great asset in some cases) and the quantity of information that is provided to the user is great... if you understand it all.
- The reporting part could be improved. I actually don't use it too much.

That's about all for now. I got it because it was cheap, and I keep on using it just because it's a really great tool.


   
binarybod
(@binarybod)
Reputable Member
Joined: 17 years ago
Posts: 272
 

If I had to have two tools, I'd have EnCase and X-Ways. EnCase because it has scripting and a user-friendly GUI that doesn't hide the underlying structures too much (I can drill down to the MFT record fairly easily, for example). I'd have X-Ways because I largely trust what I am seeing - everything is right, and (rarely) when it's not, it's fixed, pronto. The GUI is not just difficult, it's arcane, but I have to say it's the one tool I'd have if I could have only one.

Oh, and I'd always have my GNU/Linux machine to fall back on.

Paul


   