Brett's Ramblings

WinFE and UEFI Secure Boot!
Brett Shavers
Digital Forensics
Don't get excited, there isn't a solution to Windows RT or Secure Boot and WinFE (yet!).  But for those working on it, here are two links of interest that help explain a few of the technical details.  http://www.uefi.org/learning_center/ The UEFI secure boot specification is owned by the UEFI consortium, not Microsoft, so the consortium documentati...
Case Studies with X-Ways
Brett Shavers
Books
We are WAY ahead of our planned writing schedule, mostly because of the XWF Guide writing and editing team are getting things done, fast.With that, we are reaching the Case Studies chapter, where we will give specific case flow and XWF usage by the type of case.  That means, we have a section on "How to Use XWF on a Child Pornography Case" and "How...
Table of contents updated!
Brett Shavers
Books
Chapter 4 is wrapping up! We each have one more chapter to go and then we start the case studies.The table of contents page is updated to reflect the topics of each chapter and, for the completed chapters, the page and word count of each.
XWFRT updated to 0.4.8
Brett Shavers
Digital Forensics
Several fixes based on user testing in this build to include: Added Undo button to reverse the tweaking process Rearranged GUI to make it less congested Undo tweaking automagically if an error occurs to keep report in a known good state A bunch of processing fixes to allow for tweaking more than one report in a row     
XWFIM goes International!
Brett Shavers
Digital Forensics
Just released version 0.0.4.8 that includes fixes for international users. The issue had to do with date/time formats and the use of non period decimal separators.Both should be fixed, but if any of our international friends are having issues, please shoot me an email and I will get it resolved ASAP
XWFRT and XWFIM updated
Brett Shavers
Digital Forensics
You can let the latest build of XWFIM from the URL in the X-Ways Forums or just use the auto-update feature in the program by looking in the lower right corner of the program after it starts.XWFRT was also updated recently. again you can auto update or pull a copy from here:https://www.dropbox.com/s/6labcj537jlxnzz/XWFRT.exeif you run into any repo...
XWFRT 0.0.4.6 released
Brett Shavers
Digital Forensics
New in this version is the ability to attach one or more external files to your report.This includes things like XWF registry reports (as seen below). You can include any kind of file to the report in this manner. HTML files will be viewable directly in the browser.The screenshot below shows 2 registry reports being added as external file...
XWFRT now available
Brett Shavers
Digital Forensics
More to come and i am sure someone will break it, but for now, here it is! https://www.dropbox.com/s/6labcj537jlxnzz/XWFRT.exe kick it around and email me with any bugs or suggestions
Coming soon...X-Ways Forensics Report Tweaker, or XWFRT for short
Brett Shavers
Digital Forensics
Ever generate a report in XWF and ended up with more than one Report*.html page? Ever been stymied by the fact that those handy menus at the top don't link to anything outside the main Report.html page?Yea, me too, but no more!This isnt quite done yet, but its close. here is an overview and some screenshots. In my testing, reports get tweaked in le...
XWFIM updated
Brett Shavers
Digital Forensics
Just pushed version 0.4.3 out. This version will now track the last selected version as opposed to always defaulting to the newest available versionI also added a check on startup for any new updates for the last version you selected. That way you will know as soon as you start XWFIM whether there are updates or not.Finally, i fixed a (stupid)...
X-Tensions, what would you like to see it do?
Brett Shavers
Digital Forensics
Do you have any ideas for an X-Tensions based plugin in X-Ways? if so, post it in the comments! I have a few ideas for the advanced chapter which includes X-Tensions, but want to hear from the community as well.
Placing the Suspect Behind the Keyboard - NEW BOOK!
Brett Shavers
Digital Forensics
Gotta plug my book, especially since WinFE is in the book too.  It was nearly a year in research and writing, with my sincere gratitude to those that helped tech edit, review, and help me get the book printed (each have been credited in the book, all have given me kind words and I am humbled by it).Although the title contains the word "suspect", it...
Chapter 6 is wrapping up!
Brett Shavers
Digital Forensics
Chapter 6 is all about searching in X-Ways Forensics. Chapter 6 has the following sections: Introduction Simultaneous Search Regular expressions GREP and regular expressions in XWF Indexed search Reviewing search hits Text search Hexadecimal search Shortcuts Conclusion   As of right now, the chapter is 52 pages long and consists of 9,041words....
Talking about XWF in the CTIN Digital Forensics Conference
Brett Shavers
Speaking
XWF was presented in two sessions of the 2013 CTIN Digital Forensics Conference.  Pete Donnell of the Washington AG Office spoke on XWF Basics and I spoke on XWF Advanced Tips.  There was more than one person that decided to now use XWF as a bigger part of their forensic tools set.You can see the XWF Advanced slidedeck here:  XWF
CTIN 2013 Presentation
Brett Shavers
Digital Forensics
The WinFE presentation was given to a packed room in Seattle, Washington.  For those that couldn't make it, here is my PowerPoint.  Great conference, great people, great time!CTIN 2013 Digital Forensics Conference WinFE Presentation: WinFE CTIN