Category: book

X-Ways Forensics Practitioner’s Guide, Second Edition

Here’s the update, TL:DR version

The second edition will be here in 2020.

Here’s the holdup (the bad news)

Syngress (who holds the publishing rights), is not taking on any new books, nor any future editions of current books. For all practical purposes, publishing through Syngress is over for everyone. They have changed their business strategy, which means, no X-Ways Forensics Practitioner’s Guide/2E through Syngress.

And for good news

Syngress promised to transfer the rights back to me and Eric Zimmerman.  It’s been weeks since waiting for the official rights transfer, but it is coming, so I am told. I am keeping up with weekly reminders to make sure. I do not doubt the rights are coming back, and when they do, the book will be self-published.

Self-published means:

  1. Typing to print time will be 75% faster.
  2. Updates will be practically immediate
  3. Future editions, when necessary, will be just a fast
  4. The book will be exactly what we want, which is the way we think best for users

Last day of discounted X-Ways Forensics online course

I’m sure there are a few more people left to register for the X-Ways Forensics online course (XWF I) with the discount code of “xwf1”. That’s 25% off, plus includes free tuition to the X-Ways Forensics II online course. XWF I is introductory, XWF II is more indepth, quite a bit longer, and will be released in August. XWF III, a shorter course will be released sometime after August.

Everyone registering by midnight tonight (Pacific time) for XWF I, gets access to XWF II and XWF III when published without cost. Otherwise, it’s a separate tuition payment for each course.  From July 18, the XWF I is back to $195, XWF II will be $299, and XWF III will be $75.   Each class is lifetime access, on demand training, including updates to the courses when XWF is substantially updated (should be a course update once a year).

Details on XWF II are here: https://xwaysforensics.wordpress.com/2014/07/05/x-ways-forensics-practitioners-guide-online-ii/

Register for X-Ways Forensics Practitioner’s Guide online course here:  http://courses.dfironlinetraining.com/x-ways-forensics-practitioners-guide

xwfii

Digital Forensics Book of the Year!

The X-Ways Forensics Practitioner’s Guide won the Best Digital Forensics Book of the Year award at the DFIR Summit 2014 in Austin, Texas.  I’d like to thank everyone who voted for the XWF Guide and hope the book has helped you in your work.

  Xways-Cover

award
https://forensic4cast.com/forensic-4cast-awards/2014-results/

Hey look! Now there is a book on FTK.

FTK
http://amzn.to/O38eWh

I previously posted that a book on FTK is sure to come along, since we have the best book of X-Ways and the other book on Encase.  Now comes a book on FTK.  Just like the XWF Guide or the upcoming Encase guide, I wouldn’t see any reason for a FTK user to not have a book on FTK.

It makes sense to have “the” book on X-Ways, “the” book on Encase, and “the” book on FTK.  By having books on your major forensic suites, it is easier to compare what suite “A” does compared to tools “B” and “C” as well as how to get from point A to B using each tool.

So….how about that book on ProDiscover?  Anyone?  Grab the opportunity before someone else does.  I promise to buy it, as I have already ordered the FTK and Encase books.

I have brief reviews on my favorite DF books at http://winfe.wordpress.com/books/

————————————————————————–

FTK
http://amzn.to/O38eWh

encase
http://amzn.to/P9XxCl

Xways-Cover
http://amzn.to/1gfx0t5

Not X-Ways, but of interest to Encase users

Computer Forensics and Digital Investigation with EnCase Forensic

encase
http://amzn.to/1eY02wn

 

I know, this has nothing to do with X-Ways Forensics.  But hey, the X-Ways Practitioner’s Guide was first…

Practically, this seems like a good book for Encase users to park on the shelf (while the X-Ways Practitioner’s Guide sits on your desk next to your keyboard).

So, when is that book on “FTK” coming out….and who is going to write it?…And if you do want to write it, give Syngress a shout.

Another reason to use, try, or at least just learn about XWF

Not that many years ago, you would not find a requirement of having experience with X-Ways to apply for a DFIR job.   But now, some jobs recommend it and yet some others require it.  This is not to say the other big players (Encase, Accessdata, etc..) are not needed or useful, just that XWF has made it to the same level at a price point that will probably not be beat with capabilities that still outpace other tools.

So……it makes sense to know a little about the tool that might put you over the edge for that next job.  Of course, you need to be competent too, but like I’ve said before, “beware the examiners that use X-Ways Forensics because they probably know what they are doing.”

one two three

For the future XWF users, check out www.x-ways.net for some details, download and read a quick guide, and when you move forward with XWF, buy the book 🙂

 

Cloud Storage Forensics

Image
http://www.amazon.com

I have a detailed review of this book at http://winfe.wordpress.com.  In short, it’s a really good book and of all tools to choose for the research in the book, the authors picked X-Ways Forensics.  But then, that should not come as any surprise.

There’s still time to ask Santa to put this in your stocking…

Cool update to the XWFIM, Portable Install

Eric is at it again.  This time with a pretty cool update to the X-Ways Forensics Install Manager (v0.0.7.0).  The update to the XWFIM now includes an option to create a portable install to external media.   Page 13 of the Practitioner’s Guide to X-Ways Forensics details how to do this manually, but XWFIM does it for you with a few clicks.

portable
Easy enough

 

drive letter
Cool! Notepad++ and Volume Label renamed.

 

result
Bam! Done.

 

Another cool little feature is that the XWFIM creates all the case folders for you in the process of the portable install.  Neat.

folder
I like this. Saves a few keystrokes and I’m all about saving keystrokes.

 

Don’t forget, if you liked the Practitioner’s Guide to X-Ways Forensics, write a review on Amazon to let us know how you liked it (or if you didn’t…).  And if you use XWF and didn’t buy the guide…you are missing out on more than a few tips and tricks that will save you dozens of keystrokes.

X-Ways Forensics Install Manager

I cannot imagine anyone who uses XWF not having Eric Zimmerman‘s XWFIM.   Every time I use it, I wonder how I did without it.  XWFIM is available through the XWF support forum.  It’s free, but you need a license for XWF to get it.

Eric constantly adds little things to it, much like Stefan adds ‘little’ things to X-Ways Forensics.  One of the latest little additions is the selection box to “Include pre-release versions” which is pretty cool.

xwfim

 

And if you haven’t bought the XWF Guide yet and you use the XWFIM, just click the book’s graphic and you can have the guide on your Kindle in about 30 seconds.

xwfim2

X-Ways Forensics Imaging Article

In case you missed an article on X-Ways Forensics Imaging (page 40), you can download a free copy of the issue of eforensicsmag here:  http://eforensicsmag.com/jumpstart-3-free/

XWF Imaging
You may like the WinFE article too…I know the guy that wrote that article…

brief

The article is an overview of imaging with X-Ways Forensics, which is covered in more detail in the XWF Guide.   If you haven’t bought the guide yet and are on the fence on whether XWF is right for you, check out the article on the one feature of imaging and I am sure you will not be on the fence anymore.

Xways-Cover
I use this guide myself…and I was a coauthor!

%d bloggers like this: