Brett's Blog

Just some ramblings.

Reminder for the last discount for the X-Ways Forensics Practitioner’s Guide Online and On demand course.

If you were thinking of doing it, this is the best time since the $599 online course will only be at a discount of 60% for less than two weeks (until Dec 31, 2016) for only $235.  PLUS, registering before December 31, 2016 gets you a print copy of the book, the X-Ways Forensics Practitioner’s Guide shipped to you. Unfortunately, the book is only included for US/Canada registrants since shipping a book outside the USA or Canada costs more than the book.  Shipping to some countries costs more than the entire X-Ways online course costs.  I’m happy to ship a copy, but the shipping fees must be added.  Best bet is to order a book online that delivers locally without extreme duty fees.

Register with the 60% discount using this URL: 

Just a few notes on the online XWF course based on emails I have received:

Time limit:  You have a year to view the course as often as you want.

Software: Not included.  You don’t need it for the course, but I think you’ll want to have a license.  If you want to know how XWF compares to other tools, you can get 12 hours of instruction showing how it works and much of what it can do.  Once you start using XWF, you’ll begin to see that it can do a lot more than what the manual or any course can teach. 

...

X-Ways Forensics Sucks….

…only with decryption, and even at that, it does everything else superbly.

I probably caught your attention if you are an X-Ways Forensics user.  The only thing that sucks about X-Ways Forensics is that it doesn’t do encryption.  By “doing encryption”, I mean that it doesn’t decrypt encrypted files or systems.  Besides that one aspect of forensic work, X-Ways Forensics rules.

**UPDATED X-WAYS FORENSICS PRACTITIONER’S GUIDE ONLINE COURSE**

I completely updated and extended an online course based on my book, the “X-Ways Forensics Practitioner’s Guide”.  It has taken some time to create a course that has 95% of what you need to use X-Ways Forensics without being an overly long instruction of the software.  The remaining 5% changes every week or so with new features and updates added by X-Ways.  This course covers X-Ways Forensics up to version 19, but know that X-Ways will be adding new features every week that aren’t included in this course yet.  After enough ‘little’ features and improvements have been added, more content to the course will be added as well.

Here is the gist of this post

...

Vote for your favorite book

Don’t forget to vote for the XWF Guide at http://forensic4cast.com/2014/04/2014-forensic-4cast-awards-meet-the-nominees/.  But of course, only vote if you liked it :)

And if you didn’t like it (which means you don’t have XWF…), vote for my other book, Placing the Suspect Behind the Keyboard.  But again, only vote if you liked it :)

And if you didn’t like that book either…give me your phone number.  We need to talk…


Humbled and honored


I just saw that the book of the year nominees at the Forensic 4cast Awards include both the X-Ways Practitioner's Guide and Placing the Suspect Behind the Keyboard.  For those that made the nominations, that was very kind.  For those that vote for either book, I thank you in advance.

Both books are pretty good.  Each gives plenty of tips and information to save you hours of frustration, and more importantly, close some cases.  There is a sample chapter of Placing the Suspect Behind the Keyboard here: http://searchsecurity.techtarget.com/feature/Placing-the-Suspect-Behind-the-Keyboard  There are reviews at Amazon for both books that may be helpful if you were thinking of getting either book.

If you use X-Ways.....you need the X-Ways Guide, no matter how long you have been using X-Ways.  When I asked Eric to help me write this book, he ran with it and did a super job of helping create an easy to read guide to using a very powerful forensic tool.  I have more than a ton of emails of how the book converted Encase/FTK primary users into XWF primary users.

As for the Placing the Suspect Behind the Keyboard, that has also helped more than a few examiners close a case with a simple (yet elusive) tip, trick, method, or process that saves hours, if not days, of work.  Again, even if you have been doing forensics for a long time, nothing says you can't learn or relearn something you may not know or have forgotten.

Thanks again to everyone.

Brett

XWF Guide translations

There is a possibility that the XWF Guide may be translated into Chinese and Korean.  That would be pretty cool.  I can at least look at the pictures :)


Another discount on the XWF Guide at $37.96

Click to order from Amazon (lowest price available for now)


Amazon reduced the price.  Grab it before it goes up (again).

Regarding companion materials to go along with the book, please comment on the blog, or send an email, with suggestions you would like to see.  So far, there will be one image to use with the examples in the book.  As far as a demo of XWF...that's probably not going to happen...

You can tell that X-Ways Forensics has made it into the market when so many DFIR job requirements list X-Ways Forensics as one of the 'big 3' tools to know to apply.

For those that are tinkering with writing X-Tensions, the documentation at the x-ways.net site was just updated on Sept 27.  Don't forget to send your x-tension to X-Ways to share with all of us, just like Mom told you when you were little.

It's also becoming more common to see statements like these: "The only tool I've currently tested that parses the user name is X-Ways Forensics, so it may be necessary to manually parse this record if you don't have a tool that will do it for you." - https://rstforums.com/forum/75954-ms-excel-biff-metadata-last-opened.rst


Cool. Download the XWF Guide to your iPad, iPhone, iTouch, or iPod

https://itunes.apple.com/us/book/x-ways-forensics-practitioners/id694171610?mt=11


X-Ways Users Conference

Very cool.  Meet Eric Zimmerman and Craig Ball at The Inaugural Australian X-Ways Users Conference in Canberra in March 2014!

The best part...you get a copy of the XWF Guide :)

If you can't make it to this conference, get the book!
Click to order, Amazon still has the best price.

...

Elsevier SciTechConnect

SciTechConnect http://scitechconnect.elsevier.com/


Our publisher has a new blog written by their authors.  So, for all of us that read books by Syngress (an imprint of Elsevier), you may find your favorite authors writing about something of interest.  Although it is yet another blog, it's also a little different, being that it is one place with their authors writing posts about the books we read.

And of course, the X-Ways Guide has a post too...


The XWF Guide discount ship has sailed

But, Amazon still has the discount as of right now!  My guess is that Amazon will be ending their 40% discount since the publisher ended their sale.  So you may not have missed the boat yet, but you may want to hurry.

 

Order from Amazon.com at "X-Ways Forensics Practitioner's Guide"

Now this is good.

https://twitter.com/Cheeky4n6Monkey/status/362370487113879554/photo/1

XWF Practitioner's Guide Date Change

Sometimes, a date change is a bad thing.  But this time, it's a good thing.

Looks like we are way ahead of schedule going to print.  With the publisher's efforts (Syngress) combined with the speed of testing, writing, and editing talents of Eric Zimmerman, Jimmy Weg, and Stefan Fleischmann, we have pushed the print date from February 2014 up to August 2, 2013.  Now that has to make someone happy.


Take the XWF class or buy the book?

Regarding a post on twitter asking if training from X-Ways is worth it or just buy the book, I’d have to say taking the training is a good solution.  And so is buying the book.

I favor training for almost everything (easier to learn from others’ mistakes…).  I also favor reading to self-learn and as a reference when needed.

I’ve personally taken XWF training on more than one occasion, and know others that have taken the training more than that.  Each time, there is something new that you learn, just like with any class I’m sure.  I did not regret taking the training as it did make the transition to XWF easier.  Although, if there were a book on XWF at the time, I would have bought it and still gone to training.

I think it comes down to (1) time, (2) money, and (3) self-learning ability.  If you can afford the training and afford the time off from work, why not take the training?  You can still buy the book for a reference because you will most certainly like to have it when using XWF.  But, if the cost of training, loss of time (vacation or you just need to get things done at work) is too much, you will still learn a lot with the book, more than enough to competently use XWF.

We have written the book (working on the last chapter now…) in a manner that, if you have not taken the training, you will be able to use XWF through step-by-step instruction, including how to use it in specific types of cases.  It is also written as a reference guide.  Need to know what shortcut opens the directory browser window? We have a section on all shortcuts.  Need to know the different ways to create an image, or container, or skeleton image? We have a chapter on that.  Curious what a specific checkbox selection does?  We have that detailed.  Need to know how to use XWF in ediscovery? We have something on that too.  So, for those that like to tinker with software to learn how to use it, meaning…pushing buttons to figure it out, this book is for you.  Some like sitting in a class.  Some like figuring it out themselves.  As far as the training put on by X-Ways, they do a good job and you get your money's worth with the amount of information.  They do not stretch 8 hours into a week.  They cram 40 hours of information into 20 hours.


Case Studies

Here are some of the case studies we are working on for our current and last chapter:

  • Electronic Discovery (IP theft, document collection, contract antedating)
  • Consent Searches (triage/preview)
  • Parole Searches (triage/preview)
  • Malicious Software
  • Intrusion
  • Fraud
  • Child Pornography
  • Cell phone analysis

Several of these are being submitted by contributors, and all are to be detailed using XWF and suggested case flow processes.  Contributors to be duly noted (as much as they allow).


Starting the last chapter!

We are starting the last chapter (Case Studies) and have a few contributors already for case examples.  We'll gladly take more as we want to have a wide range of case studies using X-Ways.

For everyone waiting, we are finishing the book much earlier than we had planned, only because it has been a smooth process with the authors (Brett and Eric), the Tech Editor (Jimmy), and publisher (agreeing to push up the schedule to keep up with us!).

We've also had offers of translating the book into other languages, and are visiting that topic.  So far, maybe French...suggestions for others?


Chapter 6 is wrapping up!

Chapter 6 is all about searching in X-Ways Forensics. Chapter 6 has the following sections:


  • Introduction
  • Simultaneous Search
  • Regular expressions
  • GREP and regular expressions in XWF
  • Indexed search
  • Reviewing search hits
  • Text search
  • Hexadecimal search
  • Shortcuts
  • Conclusion

As of right now, the chapter is 52 pages long and consists of 9,041 words.

UPDATE: The chapter has gone to tech review and weighs in at 54 pages consisting of 9,660 words.
