Been a long time coming, but now comes the second edition of the X-Ways Forensics Practitioner's Guide.

The short story:

The book is done!

Get it at $20 off during the 100-hour book launch coming up in a few days (but only a limited number of books will be sold in the 100-hour book launch). Free shipping in the USA. International is available to ship, but not free..sorry…

The book will afterward be available for purchase on Amazon (and elsewhere) at the retail price of $69.99 plus shipping.

Get on the notification list here so you don’t miss it:  https://order-dfir.com/optintfu71ito

The longer story:

I used X-Ways Forensics (XWF) a lot, starting from the first version. And somehow, the experience of over 15 years of being an XWF user fit into one book. The neat thing about this book is that any XWF user can go read it and learn from that experience in a much shorter time than 15 years! That doesn’t even count the experience laid out by nearly a dozen contributors* in the book which probably gives this book a century of XWF experience wrapped up in a tad bit over 400 pages.

The intention of this book is that there will be at least one thing that you learn that when you see it, you will forever end an XWF frustration point, and prevent many hours of wasted time for years to come.  That makes any book worthwhile.

I’ll say this as strong as I can: I use all sorts of software.  I don’t have a ‘favorite’ tool, but I do have a favorite collection of tools. XWF happens to be in that collection. For the most part, any of the top forensic tools do a fantastic job and I use them all at different times and on different cases. I use good tools, support good tools, and advocate for good tools, because good tools allow good examiners to do good work.  At best, I am okay at forensics simply because I do not know so much, but the tools help me learn and work.

The only reason that I wrote a book on how to use XWF is because the manual didn’t show me how to use XWF.  This is not a problem with most other tools because many other tools are very intuitive; but not XWF.  Only after learning how to use it does it become intuitive…

For me, I need something or someone to show me how to use XWF (and most other things, too), otherwise I am spending hours trying to figure it out and may end up doing it wrong anyway or never learn the right way. I teach the same way as well...mostly I teach the way that I would like to have learned what I am teaching, not how an engineer thinks the way I should learn.

Books, books, books

This is my seventh book authored with my name, plus one fully ghost-written** book, several ghost-written chapters in other books, plus tech editing a half dozen other books. Three of my seven authored books were published under a publishing house, four with self-publishing, one in the second edition, another to be in a second edition in 2023/2024, and another due out in 2023 with a fantastic forensic expert and co-author.

For this edition, the book is more than 150 pages longer than the first edition, includes content not in the first edition, and has a dozen contributors who gave either an XWF war story, told one of their processes in how they use XWF, or contributed information on their X-Tensions or third party tools. The tech editors, Troy Larson and Michael Yasumoto are awesome.  For those who get a copy of the book, you won’t want to miss Troy Larson’s bio. If you know Troy or of Troy, the bio will make perfect sense and is only missing a shark laser pointer.

The XWF/2E started in 2005 when I was struggling with X-Ways Forensics. I struggled enough that my partner-in-crime (so to speak) and I arranged for the first ever X-Ways Forensics course to be hosted in Seattle, Washington. I will go as far to say that since X-Ways wasn’t giving training up to that point, our frustration with XWF ended up with convincing X-Ways that we’d go so far as host a class, market it, fill the seats, and even cater it if that would make it happen.

I’ve used X-Ways Forensics ever since, taking lots of notes, auditing more training, teaching what I learned at various places, and banging my head along the way. That was the impetus of the first edition: take my pain of learning XWF and write it down so others can learn faster. 

The first edition eventually became outdated

Emails started rolling in asking for a second edition. Lots of emails. This was bound to happen because the first edition was outdated to the point that functions moved around or were removed or added to the point that the book didn’t work.

Unfortunately, the publisher didn’t want to approve a second edition as the first edition was still selling well enough to not justify replacing it, even though it was outdated. Writing a book through a publishing house means the author is simply a contract employee writing for the publisher and has no ownership of the book or content other than a commission of sales (royalties).

I then had a 2-year process with the publishing house and my attorney to regain the copyright from the publisher so that a second edition could be (self-) published. This is probably a story to tell in more detail another time in how to get your copyright back from the words you wrote that the publisher owns.

And now you have the second edition, with more content, better organization, and with contributions from a dozen XWF users.  This gives you a dozen different perspectives of how XWF is and can be employed, all from one book.

You most likely have the same reference books on your desk that I have on mine, with dog-eared pages, highlights, notes, and worn out spines.  This is one of those kinds of books.

*Amazing contributors include Michael Yasumoto, Mark Burns, Derek Eiri, Yuya Hashimoto, Alexander Kuiper, Chad Gough, Craig Bowling, Jeffrey Meissner, Erinn Soulse, and a few others wishing to be unnamed.

**Ghost-written, as in, I wrote it for someone else’s book, but in their name, under contract to not give my name.