X-Ways Forensics Practitioner's Guide

Machine generated contents note: Introduction -- System requirements -- Installing XWF -- Alternative install methods -- The XWF dongle -- Upgrading your dongle -- The XWF user interface -- Configuring XWF -- Summary -- Reference -- Introduction -- Creating a case file -- Creating a new case -- Creating/Adding evidence files -- Creating forensic images with XWF -- Live response using XWF -- Using XWF to review medium while imaging -- Reverse imaging -- Skeleton imaging -- Cleansed imaging -- CD/DVD -- Physical memory imaging -- Container files -- Working with RAID arrays -- Augmenting with F-Response -- Shortcuts -- Summary -- Introduction -- Case Data directory tree -- Right click behaviors -- Middle-click behaviors -- Toolbar, tab control, and Directory Browser Options, Filters -- General Options -- Item listing options -- Directory Browser column and filter options -- Directory Browser columns -- Directory Browser -- Column sorting -- Column filtering -- Directory Browser context menu -- Mode buttons and Details pane -- Legend mode -- Volume/Partition mode -- Disk mode -- File mode -- Preview mode -- Details mode -- Gallery mode -- Calendar mode -- Directory Browser mode -- Sync mode -- Explore recursively mode -- Search hit list mode -- Events mode -- Position manager mode -- Status bar -- Right clicking the status bar -- Left clicking the status bar -- Data Interpreter -- Main menu -- General Options continued -- Volume Snapshot options -- Viewer Programs options continued -- Security Options -- Shortcuts -- Summary -- Introduction -- Volume snapshot options -- Starting RVS -- Take new one and default RVS options -- RVS options -- File recovery options -- File processing options -- Extract e-mail messages and attachments from ... -- Results of an RVS -- Shortcuts -- Summary -- Reference -- Introduction -- XWF internal hash database and hash sets -- Hash categories -- Computing hash values -- Creating hash sets -- Duplicate hash values -- The registry through X-Ways Forensics -- The XWF Registry Viewer -- Viewing USB devices -- Exporting -- The XWF Registry Report -- Shortcuts -- Summary -- Introduction -- Simultaneous Search -- Search terms and code pages -- How to search options -- Where to search options -- Additional search options -- Search methodologies -- Regular expressions -- Regular expression examples -- GREP and regular expressions in XWF -- Indexed search -- Other index-related options -- Reviewing search hits -- Search Hit List columns -- Interacting with the Search Hit List -- Simultaneous search results vs. indexed search results -- Search Hit List options -- + and -- operators -- Alternate method -- Proximity between search terms using the Search Hit List -- Text search -- Hexadecimal search -- Shortcuts -- Summary -- Introduction -- Customizing X-Ways Forensics configuration files -- XWF directory-based configuration files -- User profile-based configuration files -- File Type Categories.txt -- File Type Signatures Check Only.txt -- File Type Signatures Search.txt -- Maneuvering in hex -- Data Interpreter -- Defining blocks of data -- User search hits -- Other options -- Sector superimposition -- Templates -- Timeline and event analysis -- Calendar mode -- Events view -- Gathering free and slack space -- RAM analysis -- Opening memory from within XWF -- Scripting, X-Tensions API, and external analysis interface -- Scripting -- X-Tensions -- External analysis interface -- Shortcuts -- Summary -- Introduction -- Adding items to a report table -- RT associations options -- Adding a new RT association -- Meanwhile, back in the Directory Browser -- Sharing RT associations -- Comments -- Report generation -- Main report options -- Audit trail options -- RT options -- Report customization -- Shortcuts -- Summary -- Introduction -- Civil litigation -- Preparing XWF -- Accessing the data -- User created files-Existing (active) files -- Copying the filtered files -- Optional method of creating a file list -- Printing the relevant files -- XWF container -- Redacting files within an image -- Review of relevant data with X-Ways Investigator -- Bates numbering -- Attorney review of data -- Forensic analysis and electronic discovery -- Log file and reporting -- Summary -- Reference -- Introduction -- X-Ways Forensics and criminal investigations -- Prepare XWF -- Adding evidence items -- Case scenario -- Summary -- Reference

The X-Ways Forensics Practitioner's Guide is more than a manual-it's a complete reference guide to the full use of one of the most powerful forensic applications available, software that is used by a wide array of law enforcement agencies and private forensic examiners on a daily basis. In the X-Ways Forensics Practitioner's Guide, the authors provide you with complete coverage of this powerful tool, walking you through configuration and X-Ways fundamentals, and then moving through case flow, creating and importing hash databases, digging into OS artifacts, and conducting searches. With X-Ways Forensics Practitioner's Guide, you will be able to use X-Ways Forensics to its fullest potential without any additional training. The book takes you from installation to the most advanced features of the software. Once you are familiar with the basic components of X-Ways, the authors demonstrate never-before-documented features using real life examples and information on how to present investigation results. The book culminates with chapters on reporting, triage and preview methods, as well as electronic discovery and cool X-Ways apps. Provides detailed explanations of the complete forensic investigation processe using X-Ways Forensics. Goes beyond the basics: hands-on case demonstrations of never-before-documented features of X-Ways. Provides the best resource of hands-on information to use X-Ways Forensics