Description

The X-Ways Forensics Practitioner's Guide is more than a manual; it's a complete reference guide to the full use of one of the most powerful forensic applications available, software that is used by a wide array of law enforcement agencies and private forensic examiners on a daily basis.

In the X-Ways Forensics Practitioner's Guide, the authors provide you with complete coverage of this powerful tool, walking you through configuration and X-Ways fundamentals, and then moving through case flow, creating and importing hash databases, digging into OS artifacts, and conducting searches.

With X-Ways Forensics Practitioner's Guide, you will be able to use X-Ways Forensics to its fullest potential without any additional training. The book takes you from installation to the most advanced features of the software. Once you are familiar with the basic components of X-Ways, the authors demonstrate never-before-documented features using real-life examples and information on how to present investigation results. The book culminates with chapters on reporting, triage and preview methods, as well as electronic discovery and cool X-Ways apps.

Key Features

  • Provides detailed explanations of the complete forensic investigation process using X-Ways Forensics.
  • Goes beyond the basics: hands-on case demonstrations of never-before-documented features of X-Ways.
  • Provides the best resource of hands-on information to use X-Ways Forensics.

Readership

Information Security professionals of all levels, digital forensic examiners and investigators, InfoSec consultants, attorneys, law enforcement officers. Also can sell to forensic training vendors, government training courses, universities, and high-tech crime associations.

Table of Contents

Acknowledgments

About the Authors

Foreword

Introduction

Introduction

Summary

Chapter 1. Installation and Configuration of X-Ways Forensics

Information in this chapter

Introduction

System requirements

Installing XWF

The XWF dongle

The XWF user interface

Configuring XWF

Summary

Reference

Chapter 2. Case Management and Imaging

Information in this chapter

Introduction

Creating a case file

Creating/Adding evidence files

Creating forensic images with XWF

Reverse imaging

Skeleton imaging

Cleansed imaging

CD/DVD

Physical memory imaging

Container files

Working with RAID arrays

Augmenting with F-Response

Shortcuts

Summary

Chapter 3. Navigating the X-Ways Forensics Interface

Information in this chapter

Introduction

Case Data directory tree

Toolbar, tab control, and directory browser options, filters

Directory browser

Mode buttons and Details pane

Status bar

Main menu

General options continued

Volume snapshot options

Viewer programs options continued

Security options

Shortcuts

Summary

Chapter 4. Refine Volume Snapshot

Information in this chapter

Introduction

Volume snapshot options

Starting RVS

RVS options

Results of an RVS

Shortcuts

Summary

Reference

Chapter 5. The XWF Internal Hash Database and the Registry Viewer

Information in this chapter

Introduction

XWF internal hash database and hash sets

The registry through X-Ways forensics

The XWF registry viewer

The XWF registry report

Shortcuts

Summary

Chapter 6. Searching in X-Ways Forensics

Informat

Details

No. of pages: 264
Language: English
Copyright: © 2014
Published:
Imprint: Syngress
eBook ISBN: 9780124116221
Print ISBN: 9780124116054

About the authors

Brett Shavers

Brett Shavers is a former law enforcement officer of a municipal police department. He has been an investigator assigned to state and federal task forces. Besides working many specialty positions, Brett was the first digital forensics examiner at his police department, attended over 2000 hours of forensic training courses across the country, collected more than a few certifications along the way, and set up the department’s first digital forensics lab in a small, cluttered storage closet.

Affiliations and Expertise

Digital Forensics Practitioner, expert witness, and Adjunct Instructor, University of Washington Digital Forensics program

Eric Zimmerman

Eric Zimmerman has been involved with computers in some form or fashion since the days of the Commodore 64. Eric holds a Bachelor of Science in Computer Science. In 2007, Eric started working for a federal law enforcement agency as a Special Agent.

Affiliations and Expertise

Eric Zimmerman is a digital forensics examiner, investigator and programmer.

Awards

2014 Digital Forensics Book of the Year, SANS Digital Forensics and Incident Response Summit 2014

Reviews

"...good reference manual for anyone who wants to learn more about the XWF software...also highly recommended for expert forensics specialists who want to utilize the fullest potential of the XWF software tools."--Journal of Digital Forensics, Security and Law, Vol 9, No 3