Click to order from Amazon (lowest price available for now)


Amazon reduced the price.  Grab it before it goes up (again).

Regarding companion materials to go along with the book, please comment on the blog, or send an email, with suggestions you would like to see.  So far, there will be one image that will be used to use with examples in the book.  As far as a demo of XWF...that's probably not going to happen...

You can tell that X-Ways Forensics has made it into the market when so many DFIR job requirements list X-Ways Forensics as one of the 'big 3' tools to know to apply.

For those that are tinkering with writing X-Tensions, the documentation at the x-ways.net site was just updated on Sept 27.  Don't forget to send your x-tension to X-Ways to share with all of us, just like Mom told you when you were little.

It's also becoming more common to see statements like these: "The only tool I've currently tested that parses the user name is X-Ways Forensics, so it may be necessary to manually parse this record if you don't have a tool that will do it for you." - https://rstforums.com/forum/75954-ms-excel-biff-metadata-last-opened.rst

I'm sure you have tested your WinFE (if not, that means you have not yet used it in a real case....).  If you have, take a look at a draft of tests at http://minixp.reboot.pro/other/WinFE/winfe.htm.  This link will change soon, but I will update it as soon as it changes.  Until then, you can catch it now.

For anyone that has not yet tested their WinFE, this would be a good foundation to build your tests and validation on.  For anyone that doesn't believe in validating your tools, that is totally a personal choice (although, not my choice).

I'm in the process of creating working materials to go along with the XWF Guide in the form of exercises and test images.  I expect to be finished in 2014 or 2015 or ...(it all depends on time available).  The materials will be freely available but will really only work best with the XWF Guide.  And yes, I know I can use images already available, like at http://digitalcorpora.org/corpora/disk-images, but these datasets will be made to demonstrate all the neat things detailed in the XWF Guide.

One thing I'd like to point out regarding an issue with creating forensic images when giving images to students that contain data may violate the EULA if distributed. Files like commercial programs and operating systems.  Anyone that deals with this in training will be happy with how XWF can be used to address this problem.

With the "Cleansed Image" option of XWF, simply exclude/hide any and all files that would violate any privacy concerns or EULA violations before creating the image. Then create the image :)

This gives you a complete (minus excluded files) disk image without worrying about violating a EULA.  You could do this the hard way by using WinHex to overwrite every single file in question.  Or you can mass exclude files in one fell swoop with XWF and bam.  Image done.  Now you have something to give out to your class.

I've always wondered why some instructors give out complete images of a single system and make the student "promise" not to distribute the files...that is a bit too trusting in my opinion.   And come on, you know who you are...

<and I'll leak a little information from the book on the cleansed image feature.  you can use this technique to remove private/privileged/protected data from an image to comply with a court order but can't produce specific protected data on the image.  an example being a civil case where you need to turn over an image to the opposing expert but have privileged files on the image. don't hex edit it, cleanse it!>

The XWF Guide has dozens of these kinds of tips and tricks, but you get one today for free.  Get the book for the rest of the tips and tricks, you will without a doubt, find something worthwhile that will save you hours or days of work.

https://itunes.apple.com/us/book/x-ways-forensics-practitioners/id694171610?mt=11

Very cool.  Meet Eric Zimmerman and Craig Ball at The Inaugural Australian X-Ways Users Conference in Canberra in March 2014!

The best part...you get a copy of the XWF Guide :)

 

 

] If you can't make it to this conference, get the book!
Click to order, Amazon still has the best price.

 

 

 

 

 

WinFE Twitter account compromised...now WinFE is following over a thousand new Twitter users...too bad none of those that are actually the kind of accounts to follow...clean up time...

We've gotten quite a bit of personal email feedback on the XWF Guide, and in one category at Amazon (Forensic Science), the XWF Guide ranks at #2.

There's been only one Amazon review, so let us know if you found the book helpful with a review on Amazon.  We will be very grateful for nice :) words, but we'll take any criticisms as well :(

Elsevier - Snygress has another sale, but this time it is 50% off.  You have only a few days to take advantage of it (I am...).  There is a limit of two books, so if you were looking for a second book to add, how about this one: http://store.elsevier.com/product.jsp?isbn=9781597499859&pagename=search

Ken Pryor wrote a very in-depth review of the XWF Guide.   Ken has a very informative DF blog and we're glad to have been mentioned in such detail.  Thank you Ken for the nice review.

Check out Ken's review at:  http://digiforensics.blogspot.com/2013/09/book-review-x-ways-forensics.html

And of course, here is a direct link to order the XWF Guide...

From Amazon

That's right, a free signed copy of the XWF Guide is yours, but only IF you can win the contest.

http://hackingexposedcomputerforensicsblog.blogspot.com/

On a related note, check out Eric's interview on his ongoing imaging tests on YouTube.

And the winner is....

http://hackingexposedcomputerforensicsblog.blogspot.com/2013/09/daily-blog-78-sunday-funday-9813-winner.html

So far, we've had a lot of positive feedback on the XWF Guide, so much so, that the second edition (should that happen) will have a few added things.  Like...a companion CD with sample data and slidedecks for classroom use.

However, before a second edition is started, this edition has to first be outdated by updates in XWF.

The bad news on a second edition is that we wrote the book to cover XWF for some time to come even with the expected updates that occur every month or so. That means a second edition isn't likely until we see a major change in XWF.

The good news on a second edition is that we wrote the book to cover XWF for some time to come even with the expected updates that occur every month or so.  That means this book will last you well into your expertise is solid with XWF.

For the college and university profs and instructors, we'd be glad to help review your slidedecks if you will be using the book in your course.  Potentially, we may be able to create a set of slidedecks (with help from those teaching) to make available to any schools using XWF).

[caption id="attachment_343" align="aligncenter" width="528"] Do you teach XWF in your college class? We'd be happy to help your slidedecks with reviews and suggestions if you need.

Not to put on any pressure, but I've been informed the XWF Guide is planned for reprint due to the preorder demand.  For those that preordered, that was a good idea, you may have your guide by now or it's in the mail.  For those that were waiting for the book to come out first instead of preordering, you may want to hurry.   I'm not sure how long it takes to reprint more books (that's like, beyond the guys that just type the words...).  Then again, you could always wait for the next go around for reprints...

Amazon still looks to have the best price, but only a few copies left before they have to order more.

The X-Ways Practitioner's Guide (Amazon)

**Update**

Looks like most have received their preorders, and those that waited late might have to wait again for a reprint.  Direct link to Amazon - XWF Guide.

http://scitechconnect.elsevier.com/


Our publisher has a new blog written by their authors.  So, for all of us that read books by Syngress (an imprint of Elsevier), you may find your favorite authors writing about something of interest.  Although it is yet another blog, it's also a little different being that it one place with their authors writing posts about the books we read.

And of course, the X-Ways Guide has a post too...

Looks like more Kindle readers than paperback readers.   Then again, it's easier to have the Kindle at your desk than a stack of books when you are fighting through hex, decoding registry values, and spilling coffee on the desk.

Direct link to order the Kindle:  X-Ways Guide - Kindle

Direct link to order the old fashioned book:  X-Ways Guide - Book