Case Management and Imaging

Abstract

This chapter explains case management, including creating a new case, working with existing cases, and creating and adding evidence to a case. After creating a case, a full explanation of X-Ways Forensics (XWF) capabilities in regard to imaging will be discussed including the imaging of hard drives and other medium in both running and “dead box” scenarios as well as physical memory. Finally, we discuss concepts such as creating and using XWF container files as well as rebuilding RAID arrays. We conclude this chapter by illustrating how we can use XWF with F-Response to interact fully with a wide variety of operating systems on an IP-based network.