Here are some of the case studies we are working on for our current and last chapter:

• Electronic Discovery (IP theft, document collection, contract antedating)
• Consent Searches (triage/preview)
• Parole Searches (triage/preview)
• Malicious Software
• Intrusion
• Fraud
• Child Pornography
• Cell phone analysis

Several of these are being submitted by contributors, and all are to be detailed using XWF and suggested case flow processes.  Contributors to be duly noted (as much as they allow).

Here is a new X-Tension for XWF that does a few neat things, such as searching for specific files and adding them to the report table, and exporting files for external analysis: http://www.gaijin.at/en/xtmultifilefinder.php

 

We are starting the last chapter (Case Studies) and have a few contributors already for case examples.  We'll gladly take more as we want to have a wide range of case studies using X-Ways.

For everyone waiting, we are finishing the book much earlier than we had planned, only because it has been a smooth process with the authors (Brett and Eric), the Tech Editor (Jimmy), and publisher (agreeing to push up the schedule to keep up with us!).

We've also had offers of translating the book into other languages, and are visiting that topic.  So far, maybe French...suggestions for others?

Be sure to keep up on the progress of my second book (X-Ways Forensics Practitioner's Guide) at https://xwaysforensics.wordpress.com/.  Eric Zimmerman and I are on the last chapter!

After the book is done, I have a few new things to test and post about WinFE to update the old, bring in the new.

Don't get excited, there isn't a solution to Windows RT or Secure Boot and WinFE (yet!).  But for those working on it, here are two links of interest that help explain a few of the technical details.

 http://www.uefi.org/learning_center/

The UEFI secure boot specification is owned by the UEFI consortium, not Microsoft, so the consortium documentation and specification sets out the real rules of the road for working with UEFI.

http://noggin.intel.com/content/the-flow-of-booting-an-intel-architecture-system

This information was sent to me by the Yoda of WinFE.

We are WAY ahead of our planned writing schedule, mostly because of the XWF Guide writing and editing team are getting things done, fast.

With that, we are reaching the Case Studies chapter, where we will give specific case flow and XWF usage by the type of case.  That means, we have a section on "How to Use XWF on a Child Pornography Case" and "How to Use XWF in an Electronic Discovery Case", and more.



For this chapter to be of most use to the most number of readers, please give us what type of cases you want us to cover.  PLUS, if you have used XWF in a case that worked well, send us your (sanitized) case study and we will add it to the chapter.  Depending on how you'd like credit, we can credit you with the specific case ("case study submitted by ...."), or generically ("so and so" contributed to the case studies chapter), or not at all if you want to remain in the background with a case study.

Don't forget to follow us on Twitter to keep up with the book's progress.  It's going fast and you don't want to miss out.

I can also say that although I felt I was competent XWF user (since 2004!), the research, testing, and delving in XWF for this book opened my eyes to more capabilities of XWF that I never imagined.  You won't be disappointed and after reading this book, you will be using that green XWF dongle a lot!

Chapter 4 is wrapping up! We each have one more chapter to go and then we start the case studies.

The table of contents page is updated to reflect the topics of each chapter and, for the completed chapters, the page and word count of each.

Several fixes based on user testing in this build to include:

• Added Undo button to reverse the tweaking process


• Rearranged GUI to make it less congested


• Undo tweaking automagically if an error occurs to keep report in a known good state


• A bunch of processing fixes to allow for tweaking more than one report in a row


 

 

 

Just released version 0.0.4.8 that includes fixes for international users. The issue had to do with date/time formats and the use of non period decimal separators.

Both should be fixed, but if any of our international friends are having issues, please shoot me an email and I will get it resolved ASAP

You can let the latest build of XWFIM from the URL in the X-Ways Forums or just use the auto-update feature in the program by looking in the lower right corner of the program after it starts.

XWFRT was also updated recently. again you can auto update or pull a copy from here:

https://www.dropbox.com/s/6labcj537jlxnzz/XWFRT.exe

if you run into any reports that cause XWFRT to throw an error, please zip and email me all of the Report*.html files (not any of the directories which contain files) and i will get the issue resolved ASAP

Enjoy!

New in this version is the ability to attach one or more external files to your report.

This includes things like XWF registry reports (as seen below). You can include any kind of file to the report in this manner. HTML files will be viewable directly in the browser.

The screenshot below shows 2 registry reports being added as external files.



And here we see what the report would look like as a result of including the files.

 

 

More to come and i am sure someone will break it, but for now, here it is!

 

https://www.dropbox.com/s/6labcj537jlxnzz/XWFRT.exe

 

kick it around and email me with any bugs or suggestions

Ever generate a report in XWF and ended up with more than one Report*.html page? Ever been stymied by the fact that those handy menus at the top don't link to anything outside the main Report.html page?

Yea, me too, but no more!

This isnt quite done yet, but its close. here is an overview and some screenshots. In my testing, reports get tweaked in less than a second or 2 for a 9 page XWF report.

 

Here is what the main interface looks like. Basically, choose the case file, choose the directory where you exported your report to, set some other option information (like who you are, your agency, a logo), write a narrative (if you want) and TWEAK!



 

The Narrative is nice because it supports HTML, so if you wanted to get crazy and write up a nice, fancy report with lists and stuff to include in your report, go for it!

The items at the top, like the logo and the agency, arr taken from what you enter in XWFRT



 

The menu on the left contains items for general case info, all evidence items and, if present, audit trail information. Clicking a menu loads the relevant section into the main part of the window (the General tab is shown below).



 

 

here we see the evidence items page



 

 

and finally, clicking on a report table page.



 

 

I have a bit more polish to put on this thing before i release the first version to include having a setting in the GUI to control the max # of items on a report table page. For example, if you exported 1500 images in report table "Foobar" and set the max per page in XWFRT to 500 items a page, you would get Part 1, Part 2, and Part 3 links under the "Foobar" heading.

 

Oh yea, the entire look and feel is all controlled by CSS, so you can, by editing one simple file, completely change the look and feel of the report to suit your department's needs (colors, layout, borders, EVERYTHING)

 

What else does the community want to see this thing do?

Just pushed version 0.4.3 out.

 

This version will now track the last selected version as opposed to always defaulting to the newest available version

I also added a check on startup for any new updates for the last version you selected. That way you will know as soon as you start XWFIM whether there are updates or not.

Finally, i fixed a (stupid) bug related to mplayer install when doing a new or clean install.

 

please report any issues to me here or via email and I will get em fixed ASAP!

Do you have any ideas for an X-Tensions based plugin in X-Ways? if so, post it in the comments! I have a few ideas for the advanced chapter which includes X-Tensions, but want to hear from the community as well.