The bar is now closed…

As in, the book is done, no more to add, it’s all done.   It’s now in the hands of the publisher to proof, print, and distribute.   Accuracy checked by Stefan Fleischmann (developer of X-Ways Forensics),  Tech Edited by Jimmy Weg (an expert X-Ways user and superb tech editor), and written by Eric Zimmerman (who I have found to be a great writer and even better X-Ways master) and myself, this is the book to have.  Refresh what you learned in an X-Ways course or learn by reading.   Having used X-Ways since the first release, this is a book I whole-hardheartedly recommend.
Order the guide now by clicking the book image.


Take the XWF class or buy the book?

Regarding a post on twitter asking if training from X-Ways is worth it or just buy the book, I’d have to say taking the training is a good solution.  And so is buying the book.

I favor training for almost everything (easier to learn from other’s mistakes…).  I also favor reading to self-learn and as a reference when needed. 

I’ve personally taken XWF training on more than one occasion, and know others that have taken the training more than that.  Each time, there is something new that you learn, just like with any class I’m sure.  I did not regret taking the training as it did make the transition to XWF easier.  Although, if there were a book on XWF at the time, I would have bought it and still went to training.

I think it comes down to (1) time, (2) money, and (3) self-learning ability.  If you can afford the training and afford the time off from work, why not take the training?  You can still buy the book for a reference because you will most certainly like to have it when using XWF.  But, if the cost of training, loss of time (vacation or you just need to get things done at work) is too much, you will still learn a lot with the book, more than enough to competently use XWF.

We have written the book (working on the last chapter now…) in a manner that if you have not taken the training, you will be able to use XWF, in a step-by-step instruction, including how to use in specific types of cases.  It is also written as a reference guide.  Need to know what shortcut opens the directory browser window? We have a section on all shortcuts?  Need to know the different ways to create an image, or container, or skeleton image? We have a chapter on that?  Curious what a specific checkbox selection does?  We have that detailed.  Need to know how to use XWF in ediscovery? We have something on that too.  So, for those that like to tinker with software to learn how to use it, meaning…pushing buttons to figure it out, this book is for you.  Some like sitting in a class.  Some like figuring it out themselves.  As far as the training put on by X-Ways, they do a good job and you get your money’s worth with the amount of information.   They do not stretch 8 hours into a week.  They cram 40 hours of information into 20 hours.

XWFIM updated

Just posted This fixes a few issues related to checking for new versions when more than one zip file exists as they often do when it comes to prereleases.


If you get an error about “more than one element” on startup, dont sent the error report, do not exit, then proceed to update using the built in updating feature. Worst case just redownload it from XWF website and it should be fixed.


Case Studies

Here are some of the case studies we are working on for our current and last chapter:


  • Electronic Discovery (IP theft, document collection, contract antedating)
  • Consent Searches (triage/preview)
  • Parole Searches (triage/preview)
  • Malicious Software
  • Intrusion
  • Fraud
  • Child Pornography
  • Cell phone analysis

Several of these are being submitted by contributors, and all are to be detailed using XWF and suggested case flow processes.  Contributors to be duly noted (as much as they allow).

Multiple File Finder X-Tension for X-Ways Forensics

Here is a new X-Tension for XWF that does a few neat things, such as searching for specific files and adding them to the report table, and exporting files for external analysis:


Starting the last chapter!

We are starting the last chapter (Case Studies) and have a few contributors already for case examples.  We’ll gladly take more as we want to have a wide range of case studies using X-Ways.


For everyone waiting, we are finishing the book much earlier than we had planned, only because it has been a smooth process with the authors (Brett and Eric), the Tech Editor (Jimmy), and publisher (agreeing to push up the schedule to keep up with us!).

We’ve also had offers of translating the book into other languages, and are visiting that topic.  So far, maybe French…suggestions for others?

XWFRT released

New in this version is the ability to attach one or more external files to your report.

This includes things like XWF registry reports (as seen below). You can include any kind of file to the report in this manner. HTML files will be viewable directly in the browser.

The screenshot below shows 2 registry reports being added as external files.


And here we see what the report would look like as a result of including the files.




%d bloggers like this: