X-Ways Forensics Practitioner’s Guide

The X-Ways Forensics Practitioner's Guide is more than a manual-it's a complete reference guide to the full use of one of the most powerful forensic applications available, software that is used by a wide array of law enforcement agencies and private forensic examiners on a daily basis.

In the X-Ways Forensics Practitioner's Guide, the authors provide you with complete coverage of this powerful tool, walking you through configuration and X-Ways fundamentals, and then moving through case flow, creating and importing hash databases, digging into OS artifacts, and conducting searches.

With X-Ways Forensics Practitioner's Guide, you will be able to use X-Ways Forensics to its fullest potential without any additional training. The book takes you from installation to the most advanced features of the software. Once you are familiar with the basic components of X-Ways, the authors demonstrate never-before-documented features using real life examples and information on how to present investigation results. The book culminates with chapters on reporting, triage and preview methods, as well as electronic discovery and cool X-Ways apps.

• Provides detailed explanations of the complete forensic investigation processe using X-Ways Forensics.
• Goes beyond the basics: hands-on case demonstrations of never-before-documented features of X-Ways.
• Provides the best resource of hands-on information to use X-Ways Forensics.

Information Security professionals of all levels, digital forensic examiners and investigators, InfoSec consultants, attorneys, law enforcement officers. Also can sell to forensic training vendors, government training courses, universities, and high-tech crime associations.

Acknowledgments

About the Authors

Foreword

Introduction

Introduction

Summary

Chapter 1. Installation and Configuration of X-Ways Forensics

Information in this chapter

Introduction

System requirements

Installing XWF

The XWF dongle

The XWF user interface

Configuring XWF

Summary

Reference

Chapter 2. Case Management and Imaging

Information in this chapter

Introduction

Creating a case file

Creating/Adding evidence files

Creating forensic images with XWF

Reverse imaging

Skeleton imaging

Cleansed imaging

CD/DVD

Physical memory imaging

Container files

Working with RAID arrays

Augmenting with F-Response

Shortcuts

Summary

Chapter 3. Navigating the X-Ways Forensics Interface

Information in this chapter

Introduction

Case Data directory tree

Toolbar, tab control, and directory browser options, filters

Directory browser

Mode buttons and Details pane

Status bar

Main menu

General options continued

Volume snapshot options

Viewer programs options continued

Security options

Shortcuts

Summary

Chapter 4. Refine Volume Snapshot

Information in this chapter

Introduction

Volume snapshot options

Starting RVS

RVS options

Results of an RVS

Shortcuts

Summary

Reference

Chapter 5. The XWF Internal Hash Database and the Registry Viewer

Information in this chapter

Introduction

XWF internal hash database and hash sets

The registry through X-Ways forensics

The XWF registry viewer

The XWF registry report

Shortcuts

Summary

Chapter 6. Searching in X-Ways Forensics

Informat