Brett's Ramblings

Starting the last chapter!
Brett Shavers
Digital Forensics
We are starting the last chapter (Case Studies) and have a few contributors already for case examples.  We'll gladly take more as we want to have a wide range of case studies using X-Ways. For everyone waiting, we are finishing the book much earlier than we had planned, only because it has been a smooth process with the authors (Brett and Eric...
Starting the last chapter!
Brett Shavers
Digital Forensics
Be sure to keep up on the progress of my second book (X-Ways Forensics Practitioner's Guide) at https://xwaysforensics.wordpress.com/.  Eric Zimmerman and I are on the last chapter!After the book is done, I have a few new things to test and post about WinFE to update the old, bring in the new.
WinFE and UEFI Secure Boot!
Brett Shavers
Digital Forensics
Don't get excited, there isn't a solution to Windows RT or Secure Boot and WinFE (yet!).  But for those working on it, here are two links of interest that help explain a few of the technical details.  http://www.uefi.org/learning_center/ The UEFI secure boot specification is owned by the UEFI consortium, not Microsoft, so the consortium documentati...
Case Studies with X-Ways
Brett Shavers
Books
We are WAY ahead of our planned writing schedule, mostly because of the XWF Guide writing and editing team are getting things done, fast.With that, we are reaching the Case Studies chapter, where we will give specific case flow and XWF usage by the type of case.  That means, we have a section on "How to Use XWF on a Child Pornography Case" and "How...
Table of contents updated!
Brett Shavers
Books
Chapter 4 is wrapping up! We each have one more chapter to go and then we start the case studies.The table of contents page is updated to reflect the topics of each chapter and, for the completed chapters, the page and word count of each.
XWFRT updated to 0.4.8
Brett Shavers
Digital Forensics
Several fixes based on user testing in this build to include: Added Undo button to reverse the tweaking process Rearranged GUI to make it less congested Undo tweaking automagically if an error occurs to keep report in a known good state A bunch of processing fixes to allow for tweaking more than one report in a row     
XWFIM goes International!
Brett Shavers
Digital Forensics
Just released version 0.0.4.8 that includes fixes for international users. The issue had to do with date/time formats and the use of non period decimal separators.Both should be fixed, but if any of our international friends are having issues, please shoot me an email and I will get it resolved ASAP
XWFRT and XWFIM updated
Brett Shavers
Digital Forensics
You can let the latest build of XWFIM from the URL in the X-Ways Forums or just use the auto-update feature in the program by looking in the lower right corner of the program after it starts.XWFRT was also updated recently. again you can auto update or pull a copy from here:https://www.dropbox.com/s/6labcj537jlxnzz/XWFRT.exeif you run into any repo...
XWFRT 0.0.4.6 released
Brett Shavers
Digital Forensics
New in this version is the ability to attach one or more external files to your report.This includes things like XWF registry reports (as seen below). You can include any kind of file to the report in this manner. HTML files will be viewable directly in the browser.The screenshot below shows 2 registry reports being added as external file...
XWFRT now available
Brett Shavers
Digital Forensics
More to come and i am sure someone will break it, but for now, here it is! https://www.dropbox.com/s/6labcj537jlxnzz/XWFRT.exe kick it around and email me with any bugs or suggestions
Coming soon...X-Ways Forensics Report Tweaker, or XWFRT for short
Brett Shavers
Digital Forensics
Ever generate a report in XWF and ended up with more than one Report*.html page? Ever been stymied by the fact that those handy menus at the top don't link to anything outside the main Report.html page?Yea, me too, but no more!This isnt quite done yet, but its close. here is an overview and some screenshots. In my testing, reports get tweaked in le...
XWFIM updated
Brett Shavers
Digital Forensics
Just pushed version 0.4.3 out. This version will now track the last selected version as opposed to always defaulting to the newest available versionI also added a check on startup for any new updates for the last version you selected. That way you will know as soon as you start XWFIM whether there are updates or not.Finally, i fixed a (stupid)...
X-Tensions, what would you like to see it do?
Brett Shavers
Digital Forensics
Do you have any ideas for an X-Tensions based plugin in X-Ways? if so, post it in the comments! I have a few ideas for the advanced chapter which includes X-Tensions, but want to hear from the community as well.
Placing the Suspect Behind the Keyboard - NEW BOOK!
Brett Shavers
Digital Forensics
Gotta plug my book, especially since WinFE is in the book too.  It was nearly a year in research and writing, with my sincere gratitude to those that helped tech edit, review, and help me get the book printed (each have been credited in the book, all have given me kind words and I am humbled by it).Although the title contains the word "suspect", it...
Chapter 6 is wrapping up!
Brett Shavers
Digital Forensics
Chapter 6 is all about searching in X-Ways Forensics. Chapter 6 has the following sections: Introduction Simultaneous Search Regular expressions GREP and regular expressions in XWF Indexed search Reviewing search hits Text search Hexadecimal search Shortcuts Conclusion   As of right now, the chapter is 52 pages long and consists of 9,041words....