X-Ways Forensics Practitioner’s Guide

1st Edition - August 10, 2013

  • Authors: Brett Shavers, Eric Zimmerman
  • eBook ISBN: 9780124116221
  • Paperback ISBN: 9780124116054

Description

The X-Ways Forensics Practitioner's Guide is more than a manual: it's a complete reference guide to the full use of one of the most powerful forensic applications available, software that is used by a wide array of law enforcement agencies and private forensic examiners on a daily basis. In the X-Ways Forensics Practitioner's Guide, the authors provide you with complete coverage of this powerful tool, walking you through configuration and X-Ways fundamentals, and then moving through case flow, creating and importing hash databases, digging into OS artifacts, and conducting searches. With X-Ways Forensics Practitioner's Guide, you will be able to use X-Ways Forensics to its fullest potential without any additional training. The book takes you from installation to the most advanced features of the software. Once you are familiar with the basic components of X-Ways, the authors demonstrate never-before-documented features using real-life examples and information on how to present investigation results. The book culminates with chapters on reporting, triage and preview methods, as well as electronic discovery and cool X-Ways apps.

Key Features

  • Provides detailed explanations of the complete forensic investigation process using X-Ways Forensics.
  • Goes beyond the basics: hands-on case demonstrations of never-before-documented features of X-Ways.
  • Provides the best resource of hands-on information to use X-Ways Forensics.

Readership

Information Security professionals of all levels, digital forensic examiners and investigators, InfoSec consultants, attorneys, law enforcement officers. Also can sell to forensic training vendors, government training courses, universities, and high-tech crime associations.

Table of Contents

  • Acknowledgments
  • About the Authors
  • Foreword
  • Introduction
      • Introduction
      • Summary
  • Chapter 1. Installation and Configuration of X-Ways Forensics
      • Information in this chapter
      • Introduction
      • System requirements
      • Installing XWF
      • The XWF dongle
      • The XWF user interface
      • Configuring XWF
      • Summary
      • Reference
  • Chapter 2. Case Management and Imaging
      • Information in this chapter
      • Introduction
      • Creating a case file
      • Creating/Adding evidence files
      • Creating forensic images with XWF
      • Reverse imaging
      • Skeleton imaging
      • Cleansed imaging
      • CD/DVD
      • Physical memory imaging
      • Container files
      • Working with RAID arrays
      • Augmenting with F-Response
      • Shortcuts
      • Summary
  • Chapter 3. Navigating the X-Ways Forensics Interface
      • Information in this chapter
      • Introduction
      • Case Data directory tree
      • Toolbar, tab control, and directory browser options, filters
      • Directory browser
      • Mode buttons and Details pane
      • Status bar
      • Main menu
      • General options continued
      • Volume snapshot options
      • Viewer programs options continued
      • Security options
      • Shortcuts
      • Summary
  • Chapter 4. Refine Volume Snapshot
      • Information in this chapter
      • Introduction
      • Volume snapshot options
      • Starting RVS
      • RVS options
      • Results of an RVS
      • Shortcuts
      • Summary
      • Reference
  • Chapter 5. The XWF Internal Hash Database and the Registry Viewer
      • Information in this chapter
      • Introduction
      • XWF internal hash database and hash sets
      • The registry through X-Ways Forensics
      • The XWF registry viewer
      • The XWF registry report
      • Shortcuts
      • Summary
  • Chapter 6. Searching in X-Ways Forensics
      • Information in this chapter
      • Introduction
      • Simultaneous search
      • Regular expressions
      • GREP and regular expressions in XWF
      • Indexed search
      • Reviewing search hits
      • Text search
      • Hexadecimal search
      • Shortcuts
      • Summary
  • Chapter 7. Advanced Use of X-Ways Forensics
      • Information in this chapter
      • Introduction
      • Customizing X-Ways Forensics configuration files
      • Maneuvering in hex
      • Timeline and event analysis
      • Gathering free and slack space
      • RAM analysis
      • Scripting, X-Tensions API, and external analysis interface
      • Shortcuts
      • Summary
  • Chapter 8. X-Ways Forensics Reporting
      • Information in this chapter
      • Introduction
      • Adding items to a report table
      • Comments
      • Report generation
      • Report customization
      • Shortcuts
      • Summary
  • Chapter 9. X-Ways Forensics and Electronic Discovery
      • Information in this chapter
      • Introduction
      • Civil litigation
      • Review of relevant data with X-Ways Investigator
      • Summary
      • Reference
  • Chapter 10. X-Ways Forensics and Criminal Investigations
      • Information in this chapter
      • Introduction
      • X-Ways Forensics and criminal investigations
      • Summary
      • Reference
  • Appendix A. X-Ways Forensics Additional Information
      • Introduction
      • Online resources
      • Keyboard shortcuts
  • Appendix B. X-Ways Forensics How to’s
      • Frequently asked questions and more XWF tips
  • Index

Product details

  • No. of pages: 264
  • Language: English
  • Copyright: © Syngress 2013
  • Published: August 10, 2013
  • Imprint: Syngress
  • eBook ISBN: 9780124116221
  • Paperback ISBN: 9780124116054

About the Authors

Brett Shavers

Brett Shavers is a former law enforcement officer of a municipal police department. He has been an investigator assigned to state and federal task forces. Besides working many specialty positions, Brett was the first digital forensics examiner at his police department, attended over 2000 hours of forensic training courses across the country, collected more than a few certifications along the way, and set up the department’s first digital forensics lab in a small, cluttered storage closet.

Affiliations and Expertise

Digital Forensics Practitioner, expert witness, and Adjunct Instructor, University of Washington Digital Forensics program

Eric Zimmerman

Eric Zimmerman has been involved with computers in some form or fashion since the days of the Commodore 64. Eric holds a Bachelor of Science in Computer Science. In 2007, Eric started working for a federal law enforcement agency as a Special Agent.

Affiliations and Expertise

Eric Zimmerman is a digital forensics examiner, investigator and programmer.
