The 2nd edition of the X-Ways Forensics Practitioner’s is already over a year old! There have been more updates during that time in XWF, but not enough to justify a new edition.
I am hoping that the XWF practitioner’s guide has been useful as that was my intent! It took a lot of work and stress to get that book out. I believe that it has sold more than the first edition, for which I am grateful for the first edition being possible with Syngress as the publisher. It hit the top selling books on Amazon a few times and was nominated for the Forensic 4:Cast awards, but didn’t win..
There are over 35, 000 XWF licensed users, so I missed A LOT of users. I am willing to bet that this book would help them with XWF in ways they never knew.
Inside scoop on this 2nd edition
The first edition was published by Syngress Publishing, therefore the Rights to the book belonged solely to Syngress. This edition became out of date after 5 or 6 years, and from that time, I was emailed constantly about a second edition for years.
Each time that I had bulk requests about a 2nd edition, I asked Syngress about writing it. Syngress didn’t want to. I was told that the first edition was still selling. Then they were not publishing new books at one point. And so on, each time an excuse for not publishing the second edition.
The first edition’s initial print run was sold out in pre-sale, so it was a good seller at that time proving the need for the book. I can understand Syngress not wanting to stop printing one book to replace it with another if the first was still selling.
Then the book ended up on the pirated books websites. That was sad to see, especially since at least one of the PDFs had malware that I found.
But after awhile, I didn’t want anyone buying that first edition since it was OLD and OUT OF DATE. Syngress still refused to go forward with a second edition, so I spent more than a year asking for the Rights to the book from Syngress. I am thankful that they gave the Rights of all content, title, and book to me.
So then, I could print the second edition myself, which meant marketing it myself, designing the cover myself, and asking for help in the process. Much sincere appreciation to Michael Yasumoto for tech editing!
Quick note on a Kindle version: It won’t happen with this book. I tried to convert it to Kindle and the formatting makes it unusable. It may be readable, but I don’t want such bad visual quality with my name on it…
Now that I own the Rights to the book and any future editions. I can update at will.
So…….a third edition?
I am now getting asks about a 3rd edition. Here are my thoughts on the next edition:
1-the second edition should be good for another 3-4 years to learn XWF. The improvements and updates to XWF between publishing and at that time are not enough to redo the entire book. Some dialog boxes are completely revised now, but for function, the book should be good for some years.
2-with the first and second editions showing all the buttons and checkboxes, and demonstrating the flow of XWF, I am not certain that a third edition of the same content type is worth it. A huge chunk of XWF users bought the books and should be competent in knowing how the buttons work (and checkboxes!).
3-a new method of showing XWF may be better. As of now, I am not touching a 3rd edition until I wrap up the books I have ahead of it.* But, in 2025, if I can get to XWF/3E, it will be a workflow book, meaning, each chapter will be a case study, in a specific type of case, showing one or more workflows with XWF in that particular type of case. As an example, Chapter 1 may be titled “CSAM and XWF”. An entire caseflow of working a CSAM case with XWF would be contained in that chapter using fake CSAM, of course. Chapter 2 may be titled “IP Theft and XWF” using the same concept.
Is X-Ways Forensics the best forensic software?
Yes. No. Maybe. Maybe not. It depends.
I get this question sometimes, at least enough to write about it here. First off, I do not and have never worked for X-Ways. They have never paid me for anything (writing, teaching, testing, or developing). I have no connection other than I use their products. My partner and I did suggest to X-Ways to put on training, and we set up the first X-Ways training course in Seattle, WA. Oh, my partner and I did get a license for Evidor at that time for hosting the class, and 2 free seats in the class.
That is the only thing that I have in connection with X-Ways and supporting their products.
With that, sometimes XWF is the best tool for what I need, other times it is the 2nd best, and sometimes it would be useless in what I need to do. That is my honest opinion.
I use a lot of software for specific problems. For the software that I trust as effective, I support them through through personal and professional marketing. I want them to succeed so that I can take advantage of their growth and development in their tools.
So, sometimes it is the best and sometimes another tool is best. It all depends, like everything else in DFIR. As a side note tho, XWF is one of the tools that I think is darn near mandatory to have in your toolbox.
*those other books are: The DFIR Investigative Mindset, Stepping into the Breach, and Placing the Suspect Behind the Keyboard. The Mindset book is technically done and needs review. Stepping into the Breach is in progress, and Placing the Suspect Behind the Keyboard has been an ongoing project that was put on hold for Stepping into the Breach.
The X-Ways Forensics Practitioner's Guide/2E 