Author: Brett Shavers

http://www.amazon.com/author/brettshavers https://www.brettshavers.com https://www.dfir.training

A few more days…


Click to order your copy!

Word from the publisher:

book is going to print in a few days.

One of the benefits of this book is that it shows you how to use X-Ways in your cases, by practically showing which buttons to push to get what you need quickly,

The other aspects of the book show how X-Ways works. We show you how you can tweak it do exactly what you want and only what you want at the fastest speed possible.

To everyone who pre-ordered, you helped place the X-Ways Guide at the #7 spot of best sellers on Amazon (under Books > Law > Criminal Law > Forensic Science).


ranking

Order from Amazon.com

A great interview with Author Eric Zimmerman.

Hacking Exposed recently interviewed Eric in which he spoke a bit on the XWF Guide and his career.  Eric’s experience in forensics shows in the book, which if you haven’t heard, should be available on August 2nd.

To make sure you can get a copy without waiting, consider a pre-order at Amazon 🙂

Rather than search to find where to buy the guide, just click it and order it!

X-Ways Forensics is surely taking off as a strong primary tool.  There have been more than a few government and private forensic labs in the world not upgrading their “other” tool in order to migrate to XWF.   This book more than satisfies how to do just that.

XWF Practitioner’s Guide Date Change

Sometimes, a date change is a bad thing.  But this time, it’s a good thing.

Image

Looks like we are way ahead of schedule going to print.  With the publisher’s efforts (Syngress) combined with the speed of testing, writing, and editing talents of Eric Zimmerman, Jimmy Weg, and Stefan Fleischmann, we have pushed the print date from February 2014 up to August 2, 2013.  Now that has to make someone happy.

Hitler rants about Encase training policies – Downfall parody

Levity in the digital forensics software world…(I didn’t make the video, and i don’t take the video as a slight against Encase, it’s just a funny video).

“This book is going to be great!”

“This book is going to be great!  The essential, accessible answer to the impenetrable density of XWF’s help file”. – Craig Ball

There’s been more than few tweets about having to wait until October, but don’t worry, we are ahead of that schedule.    The most current target date for printing is September 3.

Image

The book is now in the hands of trusted reviewers and so far, the comments have been really positive.  So much so, that even those who have used XWF for years learned tips and tricks from even the first chapters of the book.

There are a number of XWF users who started from the first versions of XWF and even went to the first XWF courses (back in ’05…).   For these XWF users, the learning curve was short.  New tool, new training by the developer, no problem.  For everyone else purchasing a dongle and trying to maneuver around a program that doesn’t look like any other they use is a different story.  I’m sure ‘different’ could be replaced with ‘frustrating’.

But with this book, new and not-so-new XWF users will have everything needed to use XWF as their primary tool (or even as the secondary tool that always works when the others fail).

Here are some benefits from the book, maybe you fit in one or more of these.

Non XWF user:  Haven’t tried it, like what I’m using already (even if I complain about it), and don’t have the time to learn a new tool.  I don’t even want to learn another tool.  However, since there is so much talk about X-Ways, I’ll try it and check it out.

New to forensics:  I haven’t got a clue which tool to start with, but XWF sounds like it works and fits my budget!

Current XWF user:  I have used XWF for years and think I got it down.  Then again, I still don’t use it as a primary tool and wonder how anyone does that.  I can use some tips on how XWF does more because I’m not totally confident in using XWF.

Forensics instructor:  I spend more time teaching the tool than forensics.  A student guide would save time in the class better spent teaching forensics instead of software use.

Expert forensics analyst:  I want the most indepth, powerful, fastest, and configurable forensic tool available!

If you have concern that the book will be outdated soon, don’t worry.  The material covers the vast majority of XWF features in detail.  Any new item that is added as an update doesn’t change the information in the book, it only adds a new capability.  Once you know the tool, the updates that are put out almost monthly are awesome.

The bar is now closed…

As in, the book is done, no more to add, it’s all done.   It’s now in the hands of the publisher to proof, print, and distribute.   Accuracy checked by Stefan Fleischmann (developer of X-Ways Forensics),  Tech Edited by Jimmy Weg (an expert X-Ways user and superb tech editor), and written by Eric Zimmerman (who I have found to be a great writer and even better X-Ways master) and myself, this is the book to have.  Refresh what you learned in an X-Ways course or learn by reading.   Having used X-Ways since the first release, this is a book I whole-hardheartedly recommend.

https://simg1.imagesbn.com/p/9780124116054_p0_v1_s260x420.JPG
Order the guide now by clicking the book image.

 

About those case studies…..

We made a change with the case studies in the book, which some may not like…we didn’t do the case studies chapter.

Actually, we spent a lot of time trying to write up case studies, only to find that we were spending more effort and writing on the “how to do forensics’ rather than the ‘how to use XWF’.   As an example, writing about malware analysis with XWF requires a book by itself.

However, we have managed to provide case flow examples with electronic discovery, consent searches/triage, live response, and a myriad of specific examples of how to use XWF in different situations that can be put to use in just about any type of case.  This is on top of going through XWF with a fine tooth comb explaining every nook and cranny to either use XWF with speed and minimal user intervention (as close to a one button approach possible) through the most granular configuration as you want to have in a forensic application.

The layout and organization is simple, to the point, and the information is easy to find (index, appendix, and lots of screenshots).    It will be a required reference book on your desk if you are a user of X-Ways Forensics, whether you started using XWF from its first release or if your first XWF dongle just arrived yesterday.  For anyone that teaches forensics using XWF, you may want to consider this book as required reading for your students to save you a lot of class time teaching ‘how to use XWF’ in class in order to focus on teaching forensics.

Writing is done!

All chapters are done, the writing is over, and the XWF Guide is just a few steps away from being put on paper (proofing, setting, and printing is all that is left).

Having re-read the book, it is something I would have liked to have had when starting to use X-Ways Forensics in the beginning and while using it on cases.

Take the XWF class or buy the book?

Regarding a post on twitter asking if training from X-Ways is worth it or just buy the book, I’d have to say taking the training is a good solution.  And so is buying the book.

I favor training for almost everything (easier to learn from other’s mistakes…).  I also favor reading to self-learn and as a reference when needed. 

I’ve personally taken XWF training on more than one occasion, and know others that have taken the training more than that.  Each time, there is something new that you learn, just like with any class I’m sure.  I did not regret taking the training as it did make the transition to XWF easier.  Although, if there were a book on XWF at the time, I would have bought it and still went to training.

I think it comes down to (1) time, (2) money, and (3) self-learning ability.  If you can afford the training and afford the time off from work, why not take the training?  You can still buy the book for a reference because you will most certainly like to have it when using XWF.  But, if the cost of training, loss of time (vacation or you just need to get things done at work) is too much, you will still learn a lot with the book, more than enough to competently use XWF.

We have written the book (working on the last chapter now…) in a manner that if you have not taken the training, you will be able to use XWF, in a step-by-step instruction, including how to use in specific types of cases.  It is also written as a reference guide.  Need to know what shortcut opens the directory browser window? We have a section on all shortcuts?  Need to know the different ways to create an image, or container, or skeleton image? We have a chapter on that?  Curious what a specific checkbox selection does?  We have that detailed.  Need to know how to use XWF in ediscovery? We have something on that too.  So, for those that like to tinker with software to learn how to use it, meaning…pushing buttons to figure it out, this book is for you.  Some like sitting in a class.  Some like figuring it out themselves.  As far as the training put on by X-Ways, they do a good job and you get your money’s worth with the amount of information.   They do not stretch 8 hours into a week.  They cram 40 hours of information into 20 hours.

Case Studies

Here are some of the case studies we are working on for our current and last chapter:

Image

  • Electronic Discovery (IP theft, document collection, contract antedating)
  • Consent Searches (triage/preview)
  • Parole Searches (triage/preview)
  • Malicious Software
  • Intrusion
  • Fraud
  • Child Pornography
  • Cell phone analysis

Several of these are being submitted by contributors, and all are to be detailed using XWF and suggested case flow processes.  Contributors to be duly noted (as much as they allow).