X-Ways Forensics Practitioner’s Guide - 1st Edition - ISBN: 9780124116054, 9780124116221

X-Ways Forensics Practitioner’s Guide

1st Edition

Authors: Brett Shavers, Eric Zimmerman
eBook ISBN: 9780124116221
Paperback ISBN: 9780124116054
Imprint: Syngress
Published Date: 28th August 2013
Page Count: 264

Description

The X-Ways Forensics Practitioner's Guide is more than a manual: it's a complete reference guide to the full use of one of the most powerful forensic applications available, software that is used by a wide array of law enforcement agencies and private forensic examiners on a daily basis.

In the X-Ways Forensics Practitioner's Guide, the authors provide you with complete coverage of this powerful tool, walking you through configuration and X-Ways fundamentals, and then moving through case flow, creating and importing hash databases, digging into OS artifacts, and conducting searches.

With X-Ways Forensics Practitioner's Guide, you will be able to use X-Ways Forensics to its fullest potential without any additional training. The book takes you from installation to the most advanced features of the software. Once you are familiar with the basic components of X-Ways, the authors demonstrate never-before-documented features using real life examples and information on how to present investigation results. The book culminates with chapters on reporting, triage and preview methods, as well as electronic discovery and cool X-Ways apps.

Key Features

  • Provides detailed explanations of the complete forensic investigation process using X-Ways Forensics.
  • Goes beyond the basics: hands-on case demonstrations of never-before-documented features of X-Ways.
  • Provides the best resource of hands-on information to use X-Ways Forensics.

Readership

Information Security professionals of all levels, digital forensic examiners and investigators, InfoSec consultants, attorneys, law enforcement officers. Also can sell to forensic training vendors, government training courses, universities, and high-tech crime associations.

Table of Contents

Acknowledgments

About the Authors

Foreword

Introduction

Introduction

Summary

Chapter 1. Installation and Configuration of X-Ways Forensics

Information in this chapter

Introduction

System requirements

Installing XWF

The XWF dongle

The XWF user interface

Configuring XWF

Summary

Reference

Chapter 2. Case Management and Imaging

Information in this chapter

Introduction

Creating a case file

Creating/Adding evidence files

Creating forensic images with XWF

Reverse imaging

Skeleton imaging

Cleansed imaging

CD/DVD

Physical memory imaging

Container files

Working with RAID arrays

Augmenting with F-Response

Shortcuts

Summary

Chapter 3. Navigating the X-Ways Forensics Interface

Information in this chapter

Introduction

Case Data directory tree

Toolbar, tab control, and directory browser options, filters

Directory browser

Mode buttons and Details pane

Status bar

Main menu

General options continued

Volume snapshot options

Viewer programs options continued

Security options

Shortcuts

Summary

Chapter 4. Refine Volume Snapshot

Information in this chapter

Introduction

Volume snapshot options

Starting RVS

RVS options

Results of an RVS

Shortcuts

Summary

Reference

Chapter 5. The XWF Internal Hash Database and the Registry Viewer

Information in this chapter

Introduction

XWF internal hash database and hash sets

The registry through X-Ways forensics

The XWF registry viewer

The XWF registry report

Shortcuts

Summary

Chapter 6. Searching in X-Ways Forensics

Information in this chapter

Introduction

Simultaneous search

Regular expressions

GREP and regular expressions in XWF

Indexed search

Reviewing search hits

Text search

Hexadecimal search

Shortcuts

Summary

Chapter 7. Advanced Use of X-Ways Forensics

Information in this chapter

Introduction

Customizing X-Ways Forensics configuration files

Maneuvering in hex

Timeline and event analysis

Gathering free and slack space

RAM analysis

Scripting, X-Tensions API, and external analysis interface

Shortcuts

Summary

Chapter 8. X-Ways Forensics Reporting

Information in this chapter

Introduction

Adding items to a report table

Comments

Report generation

Report customization

Shortcuts

Summary

Chapter 9. X-Ways Forensics and Electronic Discovery

Information in this chapter

Introduction

Civil litigation

Review of relevant data with X-Ways investigator

Summary

Reference

Chapter 10. X-Ways Forensics and Criminal Investigations

Information in this chapter

Introduction

X-Ways Forensics and criminal investigations

Summary

Reference

Appendix A. X-Ways Forensics Additional Information

Introduction

Online resources

Keyboard shortcuts

Appendix B. X-Ways Forensics How to’s

Frequently asked questions and more XWF tips

Index

Details

No. of pages: 264
Language: English
Copyright: © Syngress 2014
Published:
Imprint: Syngress
eBook ISBN: 9780124116221
Paperback ISBN: 9780124116054

About the Authors

Brett Shavers

Brett Shavers is a former law enforcement officer of a municipal police department. He has been an investigator assigned to state and federal task forces. Besides working many specialty positions, Brett was the first digital forensics examiner at his police department, attended over 2000 hours of forensic training courses across the country, collected more than a few certifications along the way, and set up the department’s first digital forensics lab in a small, cluttered storage closet.

Affiliations and Expertise

Digital Forensics Practitioner, expert witness, and Adjunct Instructor, University of Washington Digital Forensics program

Eric Zimmerman

Eric Zimmerman has been involved with computers in some form or fashion since the days of the Commodore 64. Eric holds a Bachelor of Science in Computer Science. In 2007, Eric started working for a federal law enforcement agency as a Special Agent.

Affiliations and Expertise

Eric Zimmerman is a digital forensics examiner, investigator and programmer.

Awards

2014 Digital Forensics Book of the Year, SANS Digital Forensics and Incident Response Summit 2014

Reviews

"...good reference manual for anyone who wants to learn more about the XWF software...also highly recommended for expert forensics specialists who want to utilize the fullest potential of the XWF software tools."--Journal of Digital Forensics, Security and Law, Vol 9, No 3