X-Ways Forensics Practitioner’s Guide

Book Description

The X-Ways Forensics Practitioner's Guide is more than a manual: it's a complete reference guide to the full use of one of the most powerful forensic applications available, software that is used by a wide array of law enforcement agencies and private forensic examiners on a daily basis.

In the X-Ways Forensics Practitioner's Guide, the authors provide you with complete coverage of this powerful tool, walking you through configuration and X-Ways fundamentals, and then moving through case flow, creating and importing hash databases, digging into OS artifacts, and conducting searches.

With X-Ways Forensics Practitioner's Guide, you will be able to use X-Ways Forensics to its fullest potential without any additional training. The book takes you from installation to the most advanced features of the software. Once you are familiar with the basic components of X-Ways, the authors demonstrate never-before-documented features using real-life examples and information on how to present investigation results. The book culminates with chapters on reporting, triage and preview methods, as well as electronic discovery and cool X-Ways apps.



  • Provides detailed explanations of the complete forensic investigation process using X-Ways Forensics.
  • Goes beyond the basics: hands-on case demonstrations of never-before-documented features of X-Ways.
  • Provides the best resource of hands-on information to use X-Ways Forensics.

Table of Contents

  1. Cover image
  2. Title page
  3. Table of Contents
  4. Copyright
  5. Acknowledgments
  6. About the Authors
  7. Foreword
  8. Introduction
    1. Introduction
    2. Summary
  9. Chapter 1. Installation and Configuration of X-Ways Forensics
    1. Information in this chapter
    2. Introduction
    3. System requirements
    4. Installing XWF
    5. The XWF dongle
    6. The XWF user interface
    7. Configuring XWF
    8. Summary
    9. Reference
  10. Chapter 2. Case Management and Imaging
    1. Information in this chapter
    2. Introduction
    3. Creating a case file
    4. Creating/Adding evidence files
    5. Creating forensic images with XWF
    6. Reverse imaging
    7. Skeleton imaging
    8. Cleansed imaging
    9. CD/DVD
    10. Physical memory imaging
    11. Container files
    12. Working with RAID arrays
    13. Augmenting with F-Response
    14. Shortcuts
    15. Summary
  11. Chapter 3. Navigating the X-Ways Forensics Interface
    1. Information in this chapter
    2. Introduction
    3. Case Data directory tree
    4. Toolbar, tab control, and directory browser options, filters
    5. Directory browser
    6. Mode buttons and Details pane
    7. Status bar
    8. Main menu
    9. General options continued
    10. Volume snapshot options
    11. Viewer programs options continued
    12. Security options
    13. Shortcuts
    14. Summary
  12. Chapter 4. Refine Volume Snapshot
    1. Information in this chapter
    2. Introduction
    3. Volume snapshot options
    4. Starting RVS
    5. RVS options
    6. Results of an RVS
    7. Shortcuts
    8. Summary
    9. Reference
  13. Chapter 5. The XWF Internal Hash Database and the Registry Viewer
    1. Information in this chapter
    2. Introduction
    3. XWF internal hash database and hash sets
    4. The registry through X-Ways forensics
    5. The XWF registry viewer
    6. The XWF registry report
    7. Shortcuts
    8. Summary
  14. Chapter 6. Searching in X-Ways Forensics
    1. Information in this chapter
    2. Introduction
    3. Simultaneous search
    4. Regular expressions
    5. GREP and regular expressions in XWF
    6. Indexed search
    7. Reviewing search hits
    8. Text search
    9. Hexadecimal search
    10. Shortcuts
    11. Summary
  15. Chapter 7. Advanced Use of X-Ways Forensics
    1. Information in this chapter
    2. Introduction
    3. Customizing X-Ways Forensics configuration files
    4. Maneuvering in hex
    5. Timeline and event analysis
    6. Gathering free and slack space
    7. RAM analysis
    8. Scripting, X-Tensions API, and external analysis interface
    9. Shortcuts
    10. Summary
  16. Chapter 8. X-Ways Forensics Reporting
    1. Information in this chapter
    2. Introduction
    3. Adding items to a report table
    4. Comments
    5. Report generation
    6. Report customization
    7. Shortcuts
    8. Summary
  17. Chapter 9. X-Ways Forensics and Electronic Discovery
    1. Information in this chapter
    2. Introduction
    3. Civil litigation
    4. Review of relevant data with X-Ways investigator
    5. Summary
    6. Reference
  18. Chapter 10. X-Ways Forensics and Criminal Investigations
    1. Information in this chapter
    2. Introduction
    3. X-Ways Forensics and criminal investigations
    4. Summary
    5. Reference
  19. Appendix A. X-Ways Forensics Additional Information
    1. Introduction
    2. Online resources
    3. Keyboard shortcuts
  20. Appendix B. X-Ways Forensics How to’s
    1. Frequently asked questions and more XWF tips
  21. Index