The X-Ways Users Conference is here in a few weeks. My kind of conference: Australia and fellow X-Ways users!
Maybe next year for me...but it sure would make for a good vacation, I mean, training trip.
Not that many years ago, you would not find a requirement of having experience with X-Ways to apply for a DFIR job. But now, some jobs recommend it and yet some others require it. This is not to say the other big players (Encase, Accessdata, etc..) are not needed or useful, just that XWF has made it to the same level at a price point that will probably not be beat with capabilities that still outpace other tools.
So......it makes sense to know a little about the tool that might put you over the edge for that next job. Of course, you need to be competent too, but like I've said before, "beware the examiners that use X-Ways Forensics because they probably know what they are doing."
For the future XWF users, check out www.x-ways.net for some details, download and read a quick guide, and when you move forward with XWF, buy the book :)
Cool. WinFE is mentioned in a Scientific Working Group on Digital Evidence document.
I've been waiting for this book to come out so I can write something about it. I had the fortune of being able to read it early as I was asked to be the tech editor of the book. It's not my book, but if it were, I'd be mighty proud of it. If you want to skip this review and get to the point, here it is; get this book, it is well worth it! This is another one of those books that you will wish had been written before you tried to figure out how to do it on earlier cases...
[caption id="" align="alignleft" width="209"] http://www.amazon.com
The forensic books of today have gotten so much better, not because older books are not good, but because the information we know now is so much more detailed and specific. The topics of the books are no longer "Computer Forensics" but rather specific topics within forensics. Books focusing solely on registry forensics or windows forensics or X-Box forensics. And now we have cloud forensics. This makes it so much easier to find a reference when needed by grabbing a book on the specific subject instead of flipping through a book to find a specific chapter of a subject.
One of the biggest differences you'll find in this book is the documentation of the methodology followed by the authors. Step-by-step instructions of what they did and their findings. Every chapter follows the same methods, in order and detail. It is laid out so well, that you can replicate their work on any cloud system not covered and know that you did a good job. Another neat thing about this book...the authors used X-Ways Forensics.
As I mentioned, the forensic books of today make it nice to have books dedicated to one topic in detail. That is the good news and the bad news as there are many of these books being published to buy.
I know many people like Kindle versions, but I have this book in print (not Kindle) because I like to treat it the same as all my other reference books. Dog eared, highlighted, sticky-noted, and lots of personal notes written throughout the book.