Brett's Blog

Just some ramblings.

Reminder for the last discount for the X-Ways Forensics Practitioner’s Guide Online and On demand course.

If you were thinking of doing it, this is the best time since the $599 online course will only be at a discount of 60% for less than two weeks (until Dec 31, 2016) for only $235.  PLUS, registering before December 31, 2016 gets you a print copy of the book, the X-Ways Forensics Practitioner’s Guide shipped to you. Unfortunately, the book is only included for US/Canada registrants since shipping a book outside the USA or Canada costs more than the book.  Shipping to some countries costs more than the entire X-Ways online course costs.  I’m happy to ship a copy, but the shipping fees must be added.  Best bet is to order a book online that delivers locally without extreme duty fees.

Register with the 60% discount using this URL: 

Just a few notes on the online XWF course based on emails I have received:

Time limit:  You have a year to view the course as often as you want.

Software: Not included.  You don’t need it for the course, but I think you’ll want to have a license.  If you want to know how XWF compares to other tools, you can get 12 hours of instruction showing how it works and much of what it can do.  Once you start using XWF, you’ll begin to see that it can do a lot more than what the manual or any course can teach. 

...
Continue reading
390 Hits
0 Comments

X-Ways Forensics Sucks….

…only with decryption, and even at that, it does everything else superbly.

I probably caught your attention if you are an X-Ways Forensics user.  The only thing that sucks about X-Ways Forensics is that it doesn’t do encryption.  By “doing encryption”, I mean that it doesn’t decrypt encrypted files or systems.  Besides that one aspect of forensic work, X-Ways Forensics rules.

**UPDATED X-WAYS FORENSICS PRACTITIONER’S GUIDE ONLINE COURSE**

I completely updated and extended an online course based on my book, the “X-Ways Forensics Practitioner’s Guide”.  It has taken some time to create a course that has 95% of what you need to use X-Ways Forensics without being an overly long instruction of the software.  The remaining 5% changes every week or so with new features and updates added by X-Ways.  This course covers X-Ways Forensics up to version 19, but know that X-Ways will be adding new features every week that aren’t included in this course yet.  After enough ‘little’ features and improvements have been added, more content to the course will be added as well.

Here is the gist of this post

...
Continue reading
845 Hits
0 Comments

X-Ways Online Training Course

X-Ways Online Training Course


I will be publishing an X-Ways Forensics Online Training Course on June 30, 2014.  The course is based off the X-Ways Practitioner's Guide, the X-Ways manual, and a decade of experience using X-Ways...it is not the official X-Ways training course, but it also does not come with the price tag of the official course.   From Monday, the X-Ways course will be $195 but I will publish a discount code good for two weeks (through July 14) for 25% off.

I'll send out a reminder on June 30 through twitter and the XWF blog, so follow the blog or twitter account to catch the discount code.

The manner in which I made the X-Ways course is so that you can follow along with XWF in learning how to work a case with X-Ways Forensics.  The course describes the options and buttons in XWF, but also shows how to simply work a case.  There are literally so many features in X-Ways, that without training, you will be missing about 50% of what you should be doing.  I found that even the most current version of the X-Ways manual does not list features in XWF...lots of information to keep up with, tons of features to consider, easy to miss something that you should not miss for such a powerful forensic tool.

If you want to be notified of the coupon code, be sure to follow the X-Ways blog at http://xwaysforensics.wordpress.com/ or the twitter account at https://twitter.com/XWaysGuide.

 

 

Windows Forensic Environment Online Training Course


I also have just released an online course on the Windows Forensic Environment (WinFE).   I have videos of most build methods, tips and tricks, pro's and con's, and aspects of WinFE that you may find important.  I also included every bit of downloadable swag in the course too (batch files, wallpaper, scripts, etc...).

All in all, this is probably the best source of WinFE you will find.  I encourage you to share it and use it, after all, this is a free tool and this course is free.  If anyone has suggestions on making the course better, let me know and I can try to squeeze in some improvements.

[caption id="attachment_1231" align="aligncenter" width="700"]winfe http://courses.dfironlinetraining.com/windows-forensic-environment

 

1823 Hits
0 Comments

C4All X-tension update

Update November 14, 2014

Download link to version 3.6.2.d https://www.dropbox.com/s/zewn7myskf...6.2.d.zip?dl=0
This update changes the way the video stills are treated when extracting movies.
-now video stills are extracted if the parent movie is extracted, regardless of whehter
the video still has been type verified.

 

 

 

 

That is for version 3.6.2.d that fixes a few issues with C4All not handling some characters.

 

...
Continue reading
524 Hits
0 Comments

Updates to X-tension and Hash File Manipultator

Hashbrown program 64 bit version only http://1drv.ms/1tLsNnG updated October 10 2014

instructions http://1drv.ms/XNdgeJ
-New Version that handles many duplicates and many unsorted more efficiently posted.

 

 

 

 

X-tension

 

...
Continue reading
497 Hits
0 Comments

New version of X-Tension

New version of X-Tension
3.6.2.a http://1drv.ms/1rrCJ7s
Changes
-adds the functionality to create a picture/video library.
-adds the ability to extract pictures or movies that are type status of 'not confirmed'
(this was added as there are so many variations of avi formats, that even some valid working movies were not 'confirmed')
If the user does not want these files, they can be filtered out and the X-Tension run excluding filtered or excluded files

519 Hits
0 Comments

XWF II and III...

...are a little late coming out due to an emergency...but will be published soon.  sorry for the delay.

651 Hits
0 Comments

BlockHasher for XWF

Yet another cool XWF utility!

 

BlockHasher

 

 

http://d-forensik.de/download/

[caption id="attachment_630" align="aligncenter" width="700" class=" "]blockhash

 

 

...
Continue reading
410 Hits
0 Comments

X-Ways MD5 Hash Manipulator

Another cool utility for X-Ways!

 

X-Ways MD5 Hash Manipulator

 

 

hash

 

 

...
Continue reading
654 Hits
0 Comments

X-Ways Forensics Practitioner's Guide Online II

For all  XWF I registrations prior to July 17, 2014, you will receive a code for 100% off the XWF II course shown below at the email you registered.  The deadline to register in order to receive the 100% discount code for XWF II is July 17, 2014, after which, the course is available for purchase without a discount.

These are on-demand courses and you have lifetime access to both courses (XWF I and XWF II).  There will be an XWF III course released during the summer, all who register before July 17, 2014 will receive another 100% off discount code for XWF III.  So, for the purchase of XWF I by July 17, you will have lifetime access to XWF I, XWF II and XWF III.

XWF II will be released after the discount codes currently given have expired in a few weeks.  The general discount code for 25% off is:   xwf1

Members of HTCC, IACIS, and CTIN have received a 30% discount code in their e-mail.  If you are a member and did not receive the code, check your e-mail, it should be there.  If you belong to a high tech crime group not listed, This email address is being protected from spambots. You need JavaScript enabled to view it. and I can send a 30% code to your association.  Otherwise, feel free to use the 25% discount code.

xwfii

649 Hits
0 Comments

X-Ways Forensics Online Training

I created an X-Ways Forensics online training course at http://courses.dfironlinetraining.com/x-ways-forensics-practitioners-guide.  This course, X-Ways Forensics Practitioner's Guide Online I is introductory to using X-Ways Forensics, but it covers more than enough to cover most of the use of X-Ways in a case.

The XWF II course goes into great detail with more information on using XWF in different scenarios and some more highly specific functions.  Although the course is based on the book, it is not the book, nor is it the X-Ways Forensics classroom training.  It is however, the least expensive and fastest way to get up to speed on X-Ways Forensics :)

There is a 25% discount code you can use "xwf1" that is good until July 17.  Everyone that registers before July 17 receives a separate discount code of 100% for the XWF II online course that will be released as soon as this discount period ends.  Both courses are the same cost, but the discount is valid only until July 17.

If you can't attend the X-Ways AG classroom training due to cost or time, this online training fits both your pocketbook and daily schedule.

http://www.youtube.com/watch?v=EQ_wwSBD8gc

471 Hits
0 Comments

New X-Tension: Up to 30GB min speeds on SSD drives!

A new X-Tension, "C4All" is available for download (free) at http://www.x-ways.net/forensics/x-tensions/index.html.  C4All is used to categorize pictures and videos, processing skin tone and video stills.  Speeds up to 30GB min speeds on SSD drives have been observed.

free css template

If you are an X-Ways user, this is one of those cool "little" things that will make you excited.

358 Hits
0 Comments

WinFE (and of course, XWF)

Taking WinFE to even another level on a multiboot thumbdrive.  Very cool, but I spread this word to you because there are few things in life neater than a forensically bootable CD/USB with X-Ways Forensics.

From Hacking Exposed: Adding the WinFE Image to the Multiboot Thumbdrive Image (Video)


http://www.youtube.com/watch?v=Ce9eQ0OG2jA

http://hackingexposedcomputerforensicsblog.blogspot.com/2014/02/daily-blog-248-adding-winfe-image-to.html

331 Hits
0 Comments

A gathering of the X-Ways users in Australia

The X-Ways Users Conference is here in a few weeks.  My kind of conference: Australia and fellow X-Ways users! 

 

Maybe next year for me...but it sure would make for a good vacation, I mean, training trip.

 

 

...
Continue reading
551 Hits
0 Comments

Another reason to use, try, or at least just learn about XWF

Not that many years ago, you would not find a requirement of having experience with X-Ways to apply for a DFIR job.   But now, some jobs recommend it and yet some others require it.  This is not to say the other big players (Encase, Accessdata, etc..) are not needed or useful, just that XWF has made it to the same level at a price point that will probably not be beat with capabilities that still outpace other tools.

So......it makes sense to know a little about the tool that might put you over the edge for that next job.  Of course, you need to be competent too, but like I've said before, "beware the examiners that use X-Ways Forensics because they probably know what they are doing."

one two three

For the future XWF users, check out www.x-ways.net for some details, download and read a quick guide, and when you move forward with XWF, buy the book :)

 

388 Hits
0 Comments

No surprise. XWF does something other tools don't

From a twitter post, a cool video on imaging with X-Ways noted (13:50) as doing something other tools don't.  The entire video is actually pretty good too.

xwf

http://youtu.be/zYYCv21I-1I

379 Hits
4 Comments

Cool update to the XWFIM, Portable Install

Eric is at it again.  This time with a pretty cool update to the X-Ways Forensics Install Manager (v0.0.7.0).  The update to the XWFIM now includes an option to create a portable install to external media.   Page 13 of the Practitioner's Guide to X-Ways Forensics details how to do this manually, but XWFIM does it for you with a few clicks.

portable Easy enough


 

drive letter Cool! Notepad++ and Volume Label renamed.


 

result Bam! Done.


 

Another cool little feature is that the XWFIM creates all the case folders for you in the process of the portable install.  Neat.

folder I like this. Saves a few keystrokes and I'm all about saving keystrokes.


 

Don't forget, if you liked the Practitioner's Guide to X-Ways Forensics, write a review on Amazon to let us know how you liked it (or if you didn't...).  And if you use XWF and didn't buy the guide...you are missing out on more than a few tips and tricks that will save you dozens of keystrokes.

376 Hits
0 Comments

X-Ways Forensics Install Manager

I cannot imagine anyone who uses XWF not having Eric Zimmerman's XWFIM.   Every time I use it, I wonder how I did without it.  XWFIM is available through the XWF support forum.  It's free, but you need a license for XWF to get it.

Eric constantly adds little things to it, much like Stefan adds 'little' things to X-Ways Forensics.  One of the latest little additions is the selection box to "Include pre-release versions" which is pretty cool.

xwfim

 

And if you haven't bought the XWF Guide yet and you use the XWFIM, just click the book's graphic and you can have the guide on your Kindle in about 30 seconds.

xwfim2

921 Hits
1 Comment

X-Ways Forensics Imaging Article

In case you missed an article on X-Ways Forensics Imaging (page 40), you can download a free copy of the issue of eforensicsmag here:  http://eforensicsmag.com/jumpstart-3-free/

[caption id="attachment_471" align="aligncenter" width="379"]XWF Imaging You may like the WinFE article too...I know the guy that wrote that article...
 

brief


The article is an overview of imaging with X-Ways Forensics, which is covered in more detail in the XWF Guide.   If you haven't bought the guide yet and are on the fence on whether XWF is right for you, check out the article on the one feature of imaging and I am sure you will not be on the fence anymore.

[caption id="attachment_347" align="aligncenter" width="243"]Xways-Cover I use this guide myself...and I was a coauthor!

 

 

 

...
Continue reading
377 Hits
0 Comments

X-PERT Certification Program

Been using X-Ways Forensics for a while now, have ya?  Been to an X-Ways training class?  Then consider getting certified by X-Ways as an expert (X-PERT) in XWF.

X-PerThttp://www.x-pert.eu/


Be sure to set aside time, have your XWF Guide at your side, and dive right in.  It's a real forensics exam that if you pass, have a certificate that actually means you know what you are doing with X-Ways.

461 Hits
0 Comments