Brett Shavers's Blog, page 17

The X-Ways Users Conference is here in a few weeks.  My kind of conference: Australia and fellow X-Ways users! 

Maybe next year for me…but it sure would make for a good vacation, I mean, training trip.

Not that many years ago, you would not find a requirement of having experience with X-Ways to apply for a DFIR job.   But now, some jobs recommend it and yet some others require it.  This is not to say the other big players (Encase, Accessdata, etc..) are not needed or useful, just that XWF has made it to the same level at a price point that will probably not be beat with capabilities that still outpace other tools.

So……it makes sense to know a little about the tool that might put you over the edge for that next job.  Of course, you need to be competent too, but like I’ve said before, “beware the examiners that use X-Ways Forensics because they probably know what they are doing.”

For the future XWF users, check out www.x-ways.net for some details, download and read a quick guide, and when you move forward with XWF, buy the book

From a twitter post, a cool video on imaging with X-Ways noted (13:50) as doing something other tools don’t.  The entire video is actually pretty good too.

I’m duplicating this post from another blog because this will probably be the coolest book to come out this year in digital forensics and is a must-have.  The short version as to why the book is a must-have is “duh, it’s Harlan’s latest book…and Windows 8…”

I’ll wait to give an “official” review of Harlan’s book (" target="_blank">Windows Forensic Analysis Toolkit, Fourth Edition: Advanced Analysis Techniques for Windows 8) only to give others the chance to read it once it becomes available.  But…I’ll say that based on my early reading as a tech editor, this is a book that ranks for me in as much anticipation as a new Tom Clancy novel being released.

">I also think this is one of those books that if not pre-ordered, will have you waiting until it is reprinted due to being over-ordered.  The"> X-Ways Practitioner’s Guide was one of those books too, where late-comers had to wait weeks for the second printing.  This book is no different, because just about all of the neat things in the book show just how much Harlan has discovered in some very neat areas of Windows 8.

One thing I learned about ordering books from Amazon, is that Amazon will pretty much match the lowest price found elsewhere.  I also learned that with a pre-ordered book, you can cancel before the book is printed if you find a lower price somewhere else.  The point is, pre-order the book or you may be waiting a month after everyone else gets their copy…it comes out in April ’14 and I’d expect the second printing to be needed in April ’14…

http://www.amazon.com

I have a detailed review of this book at http://winfe.wordpress.com.  In short, it’s a really good book and of all tools to choose for the research in the book, the authors picked X-Ways Forensics.  But then, that should not come as any surprise.

There’s still time to ask Santa to put this in your stocking…

Eric is at it again.  This time with a pretty cool update to the X-Ways Forensics Install Manager (v0.0.7.0).  The update to the XWFIM now includes an option to create a portable install to external media.   Page 13 of the Practitioner’s Guide to X-Ways Forensics details how to do this manually, but XWFIM does it for you with a few clicks.

Easy enough

Cool! Notepad++ and Volume Label renamed.

Bam! Done.

Another cool little feature is that the XWFIM creates all the case folders for you in the process of the portable install.  Neat.

I like this. Saves a few keystrokes and I’m all about saving keystrokes.

Don’t forget, if you liked the Practitioner’s Guide to X-Ways Forensics, write a review on Amazon to let us know how you liked it (or if you didn’t…).  And if you use XWF and didn’t buy the guide…you are missing out on more than a few tips and tricks that will save you dozens of keystrokes.

I cannot imagine anyone who uses XWF not having Eric Zimmerman‘s XWFIM.   Every time I use it, I wonder how I did without it.  XWFIM is available through the XWF support forum.  It’s free, but you need a license for XWF to get it.

Eric constantly adds little things to it, much like Stefan adds ‘little’ things to X-Ways Forensics.  One of the latest little additions is the selection box to “Include pre-release versions” which is pretty cool.

And if you haven’t bought the XWF Guide yet and you use the XWFIM, just click the book’s graphic and you can have the guide on your Kindle in about 30 seconds.

In case you missed an article on X-Ways Forensics Imaging (page 40), you can download a free copy of the issue of eforensicsmag here:  http://eforensicsmag.com/jumpstart-3-free/

You may like the WinFE article too…I know the guy that wrote that article…

The article is an overview of imaging with X-Ways Forensics, which is covered in more detail in the XWF Guide.   If you haven’t bought the guide yet and are on the fence on whether XWF is right for you, check out the article on the one feature of imaging and I am sure you will not be on the fence anymore.

I use this guide myself…and I was a coauthor!

There is a possibility that the XWF Guide may be translated into Chinese and Korean.  That would be pretty cool.  I can at least look at the pictures

Been using X-Ways Forensics for a while now, have ya?  Been to an X-Ways training class?  Then consider getting certified by X-Ways as an expert (X-PERT) in XWF.

http://www.x-pert.eu/

Be sure to set aside time, have your XWF Guide at your side, and dive right in.  It’s a real forensics exam that if you pass, have a certificate that actually means you know what you are doing with X-Ways.