Elsevier - Snygress has another sale, but this time it is 50% off.  You have only a few days to take advantage of it (I am...).  There is a limit of two books, so if you were looking for a second book to add, how about this one: http://store.elsevier.com/product.jsp?isbn=9781597499859&pagename=search

Ken Pryor wrote a very in-depth review of the XWF Guide.   Ken has a very informative DF blog and we're glad to have been mentioned in such detail.  Thank you Ken for the nice review.

Check out Ken's review at:  http://digiforensics.blogspot.com/2013/09/book-review-x-ways-forensics.html

And of course, here is a direct link to order the XWF Guide...

From Amazon

That's right, a free signed copy of the XWF Guide is yours, but only IF you can win the contest.

http://hackingexposedcomputerforensicsblog.blogspot.com/

On a related note, check out Eric's interview on his ongoing imaging tests on YouTube.

And the winner is....

http://hackingexposedcomputerforensicsblog.blogspot.com/2013/09/daily-blog-78-sunday-funday-9813-winner.html

So far, we've had a lot of positive feedback on the XWF Guide, so much so, that the second edition (should that happen) will have a few added things.  Like...a companion CD with sample data and slidedecks for classroom use.

However, before a second edition is started, this edition has to first be outdated by updates in XWF.

The bad news on a second edition is that we wrote the book to cover XWF for some time to come even with the expected updates that occur every month or so. That means a second edition isn't likely until we see a major change in XWF.

The good news on a second edition is that we wrote the book to cover XWF for some time to come even with the expected updates that occur every month or so.  That means this book will last you well into your expertise is solid with XWF.

For the college and university profs and instructors, we'd be glad to help review your slidedecks if you will be using the book in your course.  Potentially, we may be able to create a set of slidedecks (with help from those teaching) to make available to any schools using XWF).

[caption id="attachment_343" align="aligncenter" width="528"] Do you teach XWF in your college class? We'd be happy to help your slidedecks with reviews and suggestions if you need.

Not to put on any pressure, but I've been informed the XWF Guide is planned for reprint due to the preorder demand.  For those that preordered, that was a good idea, you may have your guide by now or it's in the mail.  For those that were waiting for the book to come out first instead of preordering, you may want to hurry.   I'm not sure how long it takes to reprint more books (that's like, beyond the guys that just type the words...).  Then again, you could always wait for the next go around for reprints...

Amazon still looks to have the best price, but only a few copies left before they have to order more.

The X-Ways Practitioner's Guide (Amazon)

**Update**

Looks like most have received their preorders, and those that waited late might have to wait again for a reprint.  Direct link to Amazon - XWF Guide.

http://scitechconnect.elsevier.com/


Our publisher has a new blog written by their authors.  So, for all of us that read books by Syngress (an imprint of Elsevier), you may find your favorite authors writing about something of interest.  Although it is yet another blog, it's also a little different being that it one place with their authors writing posts about the books we read.

And of course, the X-Ways Guide has a post too...

Looks like more Kindle readers than paperback readers.   Then again, it's easier to have the Kindle at your desk than a stack of books when you are fighting through hex, decoding registry values, and spilling coffee on the desk.

Direct link to order the Kindle:  X-Ways Guide - Kindle

Direct link to order the old fashioned book:  X-Ways Guide - Book

I'm still working toward putting together a standalone, one-button push WinFE creation with some great helpers, but haven't had the time to fully focus on it to make sure I get it working smoothly.   But, I plan to have something done within the next month that anyone will be able to build their own customized WinFE with the least amount of hassle.   Stay tuned...I'm pounding away at the keyboard to get to it.

On another note with book stuff, the X-Ways Forensics Practitioner's Guide written by Eric Zimmerman and myself is available on Kindle today.  The printed edition is coming very soon, but if you want to have it in your hands in less than a minute, click here and order the Kindle version:  X-Ways Forensics Practitioner's Guide



This is my second book, with my first being Placing the Suspect Behind the Keyboard.  The XWF Guide is much more technical than my first book, with good reason.  Placing the Suspect Behind Keyboard goes beyond technical details and gives an overall perspective of high tech investigations.  This includes the computer forensics analysis, but also includes GPS intelligence, online social networking investigations, cell phone analysis, report writing, case management, and case presentation.  I wrote this book for those new to the field to start out on the right track and for those analysts that have buried themselves deep into their monitor to go back to thinking outside the (CPU) box.   If for nothing else, this book will give you plenty of information to pin the suspect to the computer (or cell phone) with enough circumstantial evidence to choke the defense.  And in that light, it also gives information to prevent placing the wrong person at the keyboard, which is even more important!  After all, although the data is what the data is, you are uncovering the truth and not forcing your beliefs into a case.

I also want to give my two cents on some other really good books that I refer to on a regular basis.  I also believe these should be part of every examiner's desk reference.  This is only  "Brett's Review" so take it for what its worth.

Digital Forensics with Open Source Tools by Cory Altheide and Harlan Carvey.   If you do this work long enough, you'll find that you just can't afford every tool in existence, and for the tools you use, they don't always do what you want.  This is a great book on using open source tools.  If you don't use open source, you are really missing out on some great stuff.  I am a huge fan of open source tools, with RegRipper being one of these useful utilities.

Windows Registry Forensics by Harlan Carvey.  I cannot imagine any forensic examiner NOT having this book already.  This is one of those books where you say, "Of course I have that book, don't you?".  Harlan also writes like a person talks, as if the book is written specifically for the reader to get it.  Easy to understand, to the point, and practical.  I kinda like no-nonsense and get-to-the-point books...

Windows Forensic Analysis Toolkit 3E by Harlan Carvey.  Again, another book that I cannot imagine not being on your desk already.   I also can't wait for WFA/4E to be published...hint, be bery bery quiet....Harlan is working on it right now....

File System Forensic Analysis by Brian Carrier.  Some books never go out of style and this is one of those books.  This is also one of those books that should have been written years before it was eventually written, mostly because I could have really used it when first starting out in forensics rather than beating my head against the desk.

I have a LOT more, but these are my main books that are always within arms reach, dog-eared, highlighted, written on, referenced constantly, and used as refreshers all the time.  I figure that if you are going to order a book, pick a few good ones at the same time.  But then again, I assume you have all of these already because I don't know how I could have done without them.

Now...it's back to work to get your WinFE up and running :)

**Update on books***

My first book, "Placing the Suspect Behind the Keyboard" is on sale at half price from the publisher until Sept 22.  Maybe a good time to take advantage of the sale :)

It certainly feels like a long time has passed, but the time is finally here, at least for the Kindle. Order through Amazon and you can have the book on your Kindle in less than a minute. 

Although it feels like it took a long time (at least for me), Eric and I finished the book 6 months ahead of schedule.  If you don't have a Kindle, you can at least read the Introduction through the link below.  We hope (and know) this guide will be your best friend to your XWF dongle.

Order from Amazon.com at  "X-Ways Forensics Practitioner's Guide"

But, Amazon still has the discount as of right now!  My guess is that Amazon will be ending their 40% discount since the publisher ended their sale.  So you may not have missed the boat yet, but you may want to hurry.

 

Order from Amazon.com at  "X-Ways Forensics Practitioner's Guide"

 

This is one of those times that procrastinating will cost you money....

 

What will you tell yourself when you have to spend twice as much for the XWF Guide after tomorrow?

 

 

 

 

 

 

 

 

http://store.elsevier.com/product.jsp?isbn=9780124116054&_requestid=665676

 

 

And shipping is free?  Wow.  Doesn't get much better than that. 

 

The X-Ways Practitioner Guide I wrote with Eric Zimmerman was just given a 40% discount from the publisher.   I am posting the information on the WinFE site mainly because X-Ways is the best forensic app that runs in WinFE, fully, without issues.   In the book, I give a few examples of using WinFE with XWF in different situations, such as in ediscovery cases and triage/preview cases.

If you use XWF, and were thinking of buying this guide, now is the time to get the best price.  I'm actually surprised at the discount.  By the way, the discount applies to more than just the XWF Guide, so it is a good time to buy other books from Syngress at this discounted rate.

From Syngress:

“Now through August 15^th, Elsevier is offering 40% off all their books, including X-Ways Forensics Practitioners Guide (use this link: http://store.elsevier.com/product.jsp?isbn=9780124116054&_requestid=665676). No promo code needed. Just follow the link, add to your cart and save big”

The bad news first.  Forget the 30% discount.

Now the good news.....It is 40% off and no promo code needed!  Holy smokes!

From Syngress:

“Now through August 15^th, Elsevier is offering 40% off all their books, including X-Ways Forensics Practitioners Guide (use this link: http://store.elsevier.com/product.jsp?isbn=9780124116054&_requestid=665676). No promo code needed. Just follow the link, add to your cart and save big”

The 30% has been updated to 40%!

From Syngress:

“Now through August 15^th, Elsevier is offering 40% off all their books, including X-Ways Forensics Practitioners Guide (use this link: http://store.elsevier.com/product.jsp?isbn=9780124116054&_requestid=665676). No promo code needed. Just follow the link, add to your cart and save big”

https://xwaysforensics.wordpress.com/2013/08/05/some-bad-news-and-some-good-news-on-the-xwf-guide/

Magnet Forensics provides a FREE tool at http://info.magnetforensics.com/tsv-to-tln-converter, which converts the X-Ways generated TSV file into the TLN format.  From the tutorial, this looks to be pretty neat and you can't beat the price either.



The tutorial on how to use the TSV to TLN Converter can be found at: http://www.magnetforensics.com/convert-x-ways-tsv-data-into-tln-data-for-ief-timeline/