Brett's Ramblings
X-Ways Forensics Cheat Sheet and “Three Things”
I had the pleasure of talking to a group of high schoolers about digital forensics recently. After showing some neat things to get interest, the fun really started with getting hands-on demonstrations. I decided to use X-Ways Forensics for the hands-on fun (tip: be sure to register your dongles with X-Ways Forensics insurance feature).
Since the talk time was limited, I broke X-Ways Forensics down to three things:
- Add the source
- Process the data
- Find the evidence
Breaking a topic into three parts makes it easier to understand and learn, especially for new, complex, or new and complex topics. X-Ways Forensics can certainly fit in the new and complex area. However, when you look at X-Ways Forensics or any digital forensics application, they all break down into the same three functions of adding the source, processing the data, and finding the evidence. Actually, if you can break down anything you teach into three parts, you'll be more effective in getting your topics across to your audience (be it a supervisor or an auditorium of students).
Based on these three functions, I created a X-Ways Forensics cheat sheet for the students which I think will benefit anyone using X-Ways Forensics. What I wanted to show visually is that there are “x” ways of using X-Ways Forensics. For many of the functions, you can get there in one, two, three, four, or more different routes (via menu, icon, right click, command line, x-tensions, shortcuts, or etc…).
Perhaps this is a reason why X-Ways Forensics seems to be initially overwhelming, but when looked at differently, will is seen as not “how do you make sense of this”, but more as “of course this is how it works”. This is how I look at any software, especially DFIR software since few are overtly designed to be intuitive, and some appear to be designed intentionally as counter-intuitive.
How to learn X-Ways Forensics
Self-learning can be painful and slow. For anyone thinking about using X-Ways Forensics, or wanting to learn more about it if they are currently using it, here are suggestions ranked from free to not-free to do.
- Read the manual. Free
- Read the book. Inexpensive
- Take the online practitioner's course. Half price this week at $29.99!
- Take the official X-Ways Forensics course.
Half price registration expires August 29, 2018. (30 day access) Over 13 hours with a certificate of completion!
About the author
Comments
By accepting you will be accessing a service provided by a third-party external to https://brettshavers.com/
Posts List
Tag Cloud
Search Blog
Most popular posts
Magnet Forensics Conversation
DFIR Training
Be sure to check out my DFIR Training website for practically the best resources for all things Digital Forensics/Incident Response related.
Even better, support DFIR Training at Patreon and get access to multiple online courses in digital forensics with included ebooks!
More posts
-
Jessica Hyde and I talk about forensic stuff
Jessica Hyde of Magnet Forensics sat down together (virtually...) to talk about forensics. In case you missed it, here it is!
Thursday June 11
9625 hits / 0 comments
-
Facebook Spoofing: Your Reputation, Investigations, and Massive Data Collection
A “new” article on imposter Facebook accounts was published today in the Philippines. I put “new” in quotes because this is not a new issue,…
Sunday June 07
2054 hits / 0 comments
-
You do not want to work in DFIR.
The fantasySo many people ask how they can start a career in the DF/IR field, which is completely understandable. The glamour is there. Hollywood shows…
Thursday June 04
1708 hits / 0 comments
-
COVID-19’s Investigative Impacts on Digital Forensics/Incident Response (DFIR). AKA: All burners are now burned.
The meat and potatoesA bit is still a bit and a byte is still a byte. COVID-19 cannot change that, which means that the technical…
Saturday April 25
15401 hits / 0 comments
-
Mini-WinFE 10 and WinFE 10 Updated
The short story on the newest Mini-WinFE 10 (aka, the download link):Mini-WinFE has been updated and upgraded. I update WinFE developments (including the downloads for…
Sunday April 05
9276 hits / 2 comments
-
Eat your broccoli first
Something good and something not-so-good on learning DFIRThe good thing about learning DFIR is that there are probably fewer barriers and obstacles to learn and…
Saturday January 18
30283 hits / 0 comments
-
The Second Decade of the 2000s is almost over!
We’ve come a long way in DFIR over the past 20 years, and even looking at just the past decade, the field has drastically grown!…
Thursday December 26
9947 hits / 0 comments
-
Public Records
I have an outstanding public records request. It is not "outstanding" in the manner that I wrote a great request, but "outstanding" in that I…
Thursday December 12
4755 hits / 0 comments
-
The Five Stages of the DFIR Career Grief Cycle
I have been a fan of Craig Ball ever since I met him in a forensic course years ago. I was so impressed with Craig,…
Tuesday September 10
35070 hits / 0 comments
-
Our World is Going to Turn Upside Down with DeepFakes
The short storyAny person and their voice, in practically any video (past, present, or future) can have their face and voice digitally replaced with any…
Sunday September 01
3151 hits / 0 comments
-
If you are comfortable in DFIR, you might be doing it wrong
I took a 3-day basic forensic course and embarrassingly enough, the instructor (in front of the class), said that I probably know everything in the…
Thursday August 29
4093 hits / 0 comments
-
Everything I Needed to Know about Working in DFIR, I Learned in Boot Camp
You don’t need to experience military life to learn the valuable lessons that are drilled into military recruits. In fact, you can probably enjoy the…
Saturday August 17
5050 hits / 0 comments
-
Personality of a computer
From a recent discussion that I had with Harlan Carvey about the registry, this topic is something that I touched on lightly in Placing the…
Wednesday July 31
4198 hits / 0 comments
-
Add a Dab of Balance in your DFIR World
Jessica Hyde’s post of Giving Back in DFIR from 2018 is a great write up on contributing to the DFIR community, and I see her…
Monday June 24
14687 hits / 0 comments
-
The Easy Way to Learn DFIR
SummaryThere is no easy way to learn DFIR. You can stop reading from here if you want.Longer versionOk. Since you are still reading, you probably…
Saturday June 08
14040 hits / 0 comments
-
Game of Thrones, DFIR Style
Short post and quick opinion. I came across some tweets today about how bad people are in the #infosec/#DFIR community and I dug a little…
Thursday April 25
32885 hits / 0 comments
-
Puking in DFIR
Admittedly, the title of this post is intentionally gross, because I am going to heave a few things at you, mainly about puking. As in,…
Wednesday April 17
5844 hits / 0 comments
-
The #1 Reason that DFIR practitioners don’t post opinions
Lesley Carhart tweeted today that a journalist used one of her tweets in an article that would have been rephrased in a less playful manner…
Tuesday April 09
5938 hits / 0 comments
-
If USB flash drives were shaped like spiders, we wouldn’t have these problems
I hate USB drives. My first experiences with the darn things was when I was a young patrol officer and the entire police department was…
Monday April 08
2372 hits / 0 comments
-
Working in DFIR is glamorous, but mostly only to those not working in DFIR...
Here is something about the DFIR career field: it is one of the most exciting, eventful, and jam-packed jobs that anyone can have. Running and…
Friday April 05
3933 hits / 0 comments
© 2020 Brett Shavers