X-Ways Forensics Practitioner’s Guide
- 1st Edition - August 28, 2013
- Authors: Brett Shavers, Eric Zimmerman
- Language: English
- Paperback ISBN:9 7 8 - 0 - 1 2 - 4 1 1 6 0 5 - 4
- eBook ISBN:9 7 8 - 0 - 1 2 - 4 1 1 6 2 2 - 1
The X-Ways Forensics Practitioner's Guide is more than a manual-it's a complete reference guide to the full use of one of the most powerful forensic applications available, so… Read more
The X-Ways Forensics Practitioner's Guide is more than a manual-it's a complete reference guide to the full use of one of the most powerful forensic applications available, software that is used by a wide array of law enforcement agencies and private forensic examiners on a daily basis.
In the X-Ways Forensics Practitioner's Guide, the authors provide you with complete coverage of this powerful tool, walking you through configuration and X-Ways fundamentals, and then moving through case flow, creating and importing hash databases, digging into OS artifacts, and conducting searches.
With X-Ways Forensics Practitioner's Guide, you will be able to use X-Ways Forensics to its fullest potential without any additional training. The book takes you from installation to the most advanced features of the software. Once you are familiar with the basic components of X-Ways, the authors demonstrate never-before-documented features using real life examples and information on how to present investigation results. The book culminates with chapters on reporting, triage and preview methods, as well as electronic discovery and cool X-Ways apps.
- Provides detailed explanations of the complete forensic investigation processe using X-Ways Forensics.
- Goes beyond the basics: hands-on case demonstrations of never-before-documented features of X-Ways.
- Provides the best resource of hands-on information to use X-Ways Forensics.
Information Security professionals of all levels, digital forensic examiners and investigators, InfoSec consultants, attorneys, law enforcement officers. Also can sell to forensic training vendors, government training courses, universities, and high-tech crime associations.
Acknowledgments
About the Authors
Foreword
Introduction
Introduction
Summary
Chapter 1. Installation and Configuration of X-Ways Forensics
Information in this chapter
Introduction
System requirements
Installing XWF
The XWF dongle
The XWF user interface
Configuring XWF
Summary
Reference
Chapter 2. Case Management and Imaging
Information in this chapter
Introduction
Creating a case file
Creating/Adding evidence files
Creating forensic images with XWF
Reverse imaging
Skeleton imaging
Cleansed imaging
CD/DVD
Physical memory imaging
Container files
Working with RAID arrays
Augmenting with F-Response
Shortcuts
Summary
Chapter 3. Navigating the X-Ways Forensics Interface
Information in this chapter
Introduction
Case Data directory tree
Toolbar, tab control, and directory browser options, filters
Directory browser
Mode buttons and Details pane
Status bar
Main menu
General options continued
Volume snapshot options
Viewer programs options continued
Security options
Shortcuts
Summary
Chapter 4. Refine Volume Snapshot
Information in this chapter
Introduction
Volume snapshot options
Starting RVS
RVS options
Results of an RVS
Shortcuts
Summary
Reference
Chapter 5. The XWF Internal Hash Database and the Registry Viewer
Information in this chapter
Introduction
XWF internal hash database and hash sets
The registry through X-Ways forensics
The XWF registry viewer
The XWF registry report
Shortcuts
Summary
Chapter 6. Searching in X-Ways Forensics
Information in this chapter
Introduction
Simultaneous search
Regular expressions
GREP and regular expressions in XWF
Indexed search
Reviewing search hits
Text search
Hexadecimal search
Shortcuts
Summary
Chapter 7. Advanced Use of X-Ways Forensics
Information in this chapter
Introduction
Customizing X-Ways Forensics configuration files
Maneuvering in hex
Timeline and event analysis
Gathering free and slack space
RAM analysis
Scripting, X-Tensions API, and external analysis interface
Shortcuts
Summary
Chapter 8. X-Ways Forensics Reporting
Information in this chapter
Introduction
Adding items to a report table
Comments
Report generation
Report customization
Shortcuts
Summary
Chapter 9. X-Ways Forensics and Electronic Discovery
Information in this chapter
Introduction
Civil litigation
Review of relevant data with X-Ways investigator
Summary
Reference
Chapter 10. X-Ways Forensics and Criminal Investigations
Information in this chapter
Introduction
X-Ways Forensics and criminal investigations
Summary
Reference
Appendix A. X-Ways Forensics Additional Information
Introduction
Online resources
Keyboard shortcuts
Appendix B. X-Ways Forensics How to’s
Frequently asked questions and more XWF tips
Index
- Edition: 1
- Published: August 28, 2013
- Language: English
BS
Brett Shavers
Brett Shavers is a former law enforcement officer of a municipal police department. He has been an investigator assigned to state and federal task forces. Besides working many specialty positions, Brett was the first digital forensics examiner at his police department, attended over 2000 hours of forensic training courses across the country, collected more than a few certifications along the way, and set up the department’s first digital forensics lab in a small, cluttered storage closet.
Affiliations and expertise
Digital Forensics Practitioner, expert witness, and Adjunct Instructor, University of Washington Digital Forensics programEZ
Eric Zimmerman
Eric Zimmerman has been involved with computers in some form or fashion since the days of the Commodore 64. Eric holds a Bachelor of Science in Computer Science. In 2007, Eric started working for a federal law enforcement agency as a Special Agent.
Affiliations and expertise
Eric Zimmerman is a digital forensics examiner, investigator and programmer.Read X-Ways Forensics Practitioner’s Guide on ScienceDirect