I had the pleasure of talking to a group of high schoolers about digital forensics recently. After showing some neat things to get their interest, the fun really started with the hands-on demonstrations. I decided to use X-Ways Forensics for the hands-on fun (tip: be sure to register your dongles with the X-Ways Forensics insurance feature).

Since the talk time was limited, I broke X-Ways Forensics down to three things:

  1. Add the source
  2. Process the data
  3. Find the evidence

Breaking a topic into three parts makes it easier to understand and learn, especially for new, complex, or new and complex topics. X-Ways Forensics can certainly fit in the new and complex area. However, when you look at X-Ways Forensics or any digital forensics application, they all break down into the same three functions of adding the source, processing the data, and finding the evidence. Actually, if you can break down anything you teach into three parts, you'll be more effective in getting your topics across to your audience (be it a supervisor or an auditorium of students).

Based on these three functions, I created an X-Ways Forensics cheat sheet for the students which I think will benefit anyone using X-Ways Forensics. What I wanted to show visually is that there are “x” ways of using X-Ways Forensics. For many of the functions, you can get there by one, two, three, four, or more different routes (via menu, icon, right click, command line, X-Tensions, shortcuts, etc.).

Perhaps this is a reason why X-Ways Forensics seems to be initially overwhelming, but when looked at differently, it is seen not as “how do you make sense of this”, but more as “of course this is how it works”. This is how I look at any software, especially DFIR software, since few are overtly designed to be intuitive, and some appear to be designed intentionally as counter-intuitive.

How to learn X-Ways Forensics

Self-learning can be painful and slow. For anyone thinking about using X-Ways Forensics, or wanting to learn more about it if they are currently using it, here are suggestions ranked from free to not-free to do.

Half price registration expires August 29, 2018.  (30 day access) Over 13 hours with a certificate of completion!