Brett's Ramblings
X-Ways Forensics Cheat Sheet and “Three Things”
I had the pleasure of talking to a group of high schoolers about digital forensics recently. After showing some neat things to get interest, the fun really started with getting hands-on demonstrations. I decided to use X-Ways Forensics for the hands-on fun (tip: be sure to register your dongles with X-Ways Forensics insurance feature).
Since the talk time was limited, I broke X-Ways Forensics down to three things:
- Add the source
- Process the data
- Find the evidence
Breaking a topic into three parts makes it easier to understand and learn, especially for new, complex, or new and complex topics. X-Ways Forensics can certainly fit in the new and complex area. However, when you look at X-Ways Forensics or any digital forensics application, they all break down into the same three functions of adding the source, processing the data, and finding the evidence. Actually, if you can break down anything you teach into three parts, you'll be more effective in getting your topics across to your audience (be it a supervisor or an auditorium of students).
Based on these three functions, I created a X-Ways Forensics cheat sheet for the students which I think will benefit anyone using X-Ways Forensics. What I wanted to show visually is that there are “x” ways of using X-Ways Forensics. For many of the functions, you can get there in one, two, three, four, or more different routes (via menu, icon, right click, command line, x-tensions, shortcuts, or etc…).
Perhaps this is a reason why X-Ways Forensics seems to be initially overwhelming, but when looked at differently, will is seen as not “how do you make sense of this”, but more as “of course this is how it works”. This is how I look at any software, especially DFIR software since few are overtly designed to be intuitive, and some appear to be designed intentionally as counter-intuitive.
How to learn X-Ways Forensics
Self-learning can be painful and slow. For anyone thinking about using X-Ways Forensics, or wanting to learn more about it if they are currently using it, here are suggestions ranked from free to not-free to do.
- Read the manual. Free
- Read the book. Inexpensive
- Take the online practitioner's course. Half price this week at $29.99!
- Take the official X-Ways Forensics course.
Half price registration expires August 29, 2018. (30 day access) Over 13 hours with a certificate of completion!
About the author
Comments
Posts List
Tag Cloud
Search Blog
Most popular posts
DFIR Training
Be sure to check out my DFIR Training website for practically the best resources for all things Digital Forensics/Incident Response related.
Even better, support DFIR Training at Patreon and get access to multiple online courses in digital forensics with included ebooks!
More posts
-
The Five Stages of the DFIR Career Grief Cycle
I have been a fan of Craig Ball ever since I met him in a forensic course years ago. I was so impressed with Craig,…
Tuesday September 10
24063 hits / 0 comments
-
Our World is Going to Turn Upside Down with DeepFakes
The short story Any person and their voice, in practically any video (past, present, or future) can have their face and voice digitally replaced with…
Sunday September 01
2052 hits / 0 comments
-
If you are comfortable in DFIR, you might be doing it wrong
I took a 3-day basic forensic course and embarrassingly enough, the instructor (in front of the class), said that I probably know everything in the…
Thursday August 29
2440 hits / 0 comments
-
Everything I Needed to Know about Working in DFIR, I Learned in Boot Camp
You don’t need to experience military life to learn the valuable lessons that are drilled into military recruits. In fact, you can probably enjoy the…
Saturday August 17
2972 hits / 0 comments
-
Personality of a computer
From a recent discussion that I had with Harlan Carvey about the registry, this topic is something that I touched on lightly in Placing the…
Wednesday July 31
2621 hits / 0 comments
-
Add a Dab of Balance in your DFIR World
Jessica Hyde ’ s post of Giving Back in DFIR from 2018 is a great write up on contributing to the DFIR community, and I…
Monday June 24
13485 hits / 0 comments
-
The Easy Way to Learn DFIR
Summary There is no easy way to learn DFIR . You can stop reading from here if you want. Longer version Ok. Since you are…
Saturday June 08
11781 hits / 0 comments
-
Game of Thrones, DFIR Style
Short post and quick opinion. I came across some tweets today about how bad people are in the #infosec/#DFIR community and I dug a little…
Thursday April 25
26244 hits / 0 comments
-
Puking in DFIR
Admittedly, the title of this post is intentionally gross, because I am going to heave a few things at you, mainly about puking. As in,…
Wednesday April 17
5053 hits / 0 comments
-
The #1 Reason that DFIR practitioners don’t post opinions
Lesley Carhart tweeted today that a journalist used one of her tweets in an article that would have been rephrased in a less playful…
Tuesday April 09
5240 hits / 0 comments
-
If USB flash drives were shaped like spiders, we wouldn’t have these problems
I hate USB drives. My first experiences with the darn things was when I was a young patrol officer and the entire police department was…
Monday April 08
1383 hits / 0 comments
-
Working in DFIR is glamorous, but mostly only to those not working in DFIR...
Here is something about the DFIR career field: it is one of the most exciting, eventful, and jam-packed jobs that anyone can have. Running and…
Friday April 05
2784 hits / 0 comments
-
Overcommitted in DFIR
I have seen people be overcommitted, realize that they are overcommitted, yet continue forward in the most serious of situations. By overcommitted, I do not…
Friday March 22
14822 hits / 0 comments
-
'You're guilty unless you can prove it'
Swift on Security tweeted a great article. The article is not great as a well-written piece or containing earth shattering news piece, but more that…
Saturday March 09
18312 hits / 0 comments
-
“I've answered questions, responded to emails, and been on phone calls...when asked.” – Harlan Carvey
I feel obligated to respond to one of Harlan Carvey’s points in his recent blog post, Book Writing Misconceptions ( https://windowsir.blogspot.com/2019/03/book-writing-misconceptions.html ). I agree with…
Tuesday March 05
2696 hits / 0 comments
-
All you need is a tiny spark to solve your case.
During a recent workshop, one person in the class kept asking me for the magic bullet to work his case. By that, I mean that he…
Saturday March 02
2429 hits / 0 comments
-
Some CONS are good. Some cons are bad.
The bad cons are the criminals that victimize you. The good CONS are the conferences that you were glad to attend. CTIN is one of…
Thursday February 14
7769 hits / 0 comments
-
This is how I know someone will make it in DFIR (or in anything)
The #1 factor is not giving up . The #2 factor is talent . Actually, scratch #2. You can make it without talent if you…
Wednesday January 09
18497 hits / 0 comments
-
5 tips in how not to be outdone, outmaneuvered, or just outright embarrassed in DFIR.
Short version:
- Bring your A Game
- Don’t hold back
- Be prepared
- Know what you claim to know
- Fight complacency&...
Tuesday January 01
by Brett Shavers
7795 hits
/
2 comments
Only race cars should burnout.
Only race cars should burnout.
This week, @taosecurity ( Richard Bejtlich ) wrote an important blog post on managing burnout ( Managing Burnout ). As he mentions in the first…
Sunday December 23
by Brett Shavers
24234 hits
/
0 comments
{source}
© 2019 Brett Shavers