This book is one of those books that begged to be written for years, but I didn’t realize it until years after using X-Ways Forensics. First off, let me talk a little about X-Ways Forensics. X-Ways Forensics is a fairly new digital forensic software application that was released in 2004 by Stefan Fleischmann of X-Ways Software AG in Germany. Stefan is also the developer of the widely used hex editor WinHex, from which X-Ways Forensics is based upon. Those examiners who started in forensics during the days of using hex editors certainly knew of WinHex as one of the best, if not the best, hex editors available.
There have always been many forensic analysts who have avoided using X-Ways because it was “too hard” or “not intuitive” with a manual that wasn’t easy to figure out. I never thought that way myself, probably because I was in a room where Stefan showed us how to use it from the first time I was exposed to it. Unfortunately for the rest of the digital forensic world, if you didn’t attend a course in X-Ways, the interface can be intimidating. For the really busy forensic analyst, making the time to learn X-Ways Forensics wasn’t in the daily schedule if you were already using another tool. I totally get that.
"...good reference manual for anyone who wants to learn more about the XWF software...also highly recommended for expert forensics specialists who want to utilize the fullest potential of the XWF software tools." Journal of Digital Forensics, Security and Law,Vol 9, No 3
Eric Zimmerman accepted my badgering to be a co-author and I am truly grateful. Eric is one of those computer scientist forensic examiners who can take a job needing a week to finish and have it done in hours if not faster. I pestered another long-time X-Ways Forensics user, Jimmy Weg, until he agreed to at least be a Tech Editor for the book with his busy schedule. And again, the book was fortunate to have Jimmy on board. Of course, having Stefan Fleischmann support our book by reviewing every chapter for accuracy ensured we would have everything right. Stefan’s view of writing about X-Ways is different from our view, so the manual and the book are different. Both are needed and complement each other, but they are different.
We knew that during the time of writing the book, Stefan would update X-Ways Forensics with new features, updates, and upgrades. With this, the book will still retain its currency and value as no matter how many updates are made, the book covers 95% of using X-Ways Forensics that remain unchanged. The remaining changes are easily found on the X-Ways website. We wrote the book to be able to keep up with updates, even as we couldn’t put every update in the book before it went to press.
There is a saying of ‘beware of the analysts that use X-Ways Forensics, for they probably know what they are doing’. I actually made that up, but it is fitting.
“The essential, accessible answer to the impenetrable density of XWF’s help file”. Craig Ball, trial lawyer and X-Ways Forensics practitioner.