The bad news first. Forget the 30% discount. 
Now the good news…..It is 40% off and no promo code needed! Holy smokes!
From Syngress:
“Now through August 15th, Elsevier is offering 40% off all their books, including X-Ways Forensics Practitioners Guide (use this link: http://store.elsevier.com/product.jsp?isbn=9780124116054&_requestid=665676). No promo code needed. Just follow the link, add to your cart and save big”
http://store.elsevier.com/product.jsp?isbn=9780124116054&_requestid=665676
And shipping is free? Wow. Doesn’t get much better than that.
But, Amazon still has the discount as of right now! My guess is that Amazon will be ending their 40% discount since the publisher ended their sale. So you may not have missed the boat yet, but you may want to hurry.
It certainly feels like a long time has passed, but the time is finally here, at least for the Kindle. Order through Amazon and you can have the book on your Kindle in less than a minute.
Although it feels like it took a long time (at least for me), Eric and I finished the book 6 months ahead of schedule. If you don’t have a Kindle, you can at least read the Introduction through the link below. We hope (and know) this guide will be your best friend to your XWF dongle.
Looks like more Kindle readers than paperback readers. Then again, it’s easier to have the Kindle at your desk than a stack of books when you are fighting through hex, decoding registry values, and spilling coffee on the desk.
Our publisher has a new blog written by their authors. So, for all of us that read books by Syngress (an imprint of Elsevier), you may find your favorite authors writing about something of interest. Although it is yet another blog, it’s also a little different being that it one place with their authors writing posts about the books we read.
And of course, the X-Ways Guide has a post too…
Not to put on any pressure, but I’ve been informed the XWF Guide is planned for reprint due to the preorder demand. For those that preordered, that was a good idea, you may have your guide by now or it’s in the mail. For those that were waiting for the book to come out first instead of preordering, you may want to hurry. I’m not sure how long it takes to reprint more books (that’s like, beyond the guys that just type the words…). Then again, you could always wait for the next go around for reprints…
Amazon still looks to have the best price, but only a few copies left before they have to order more.
So far, we’ve had a lot of positive feedback on the XWF Guide, so much so, that the second edition (should that happen) will have a few added things. Like…a companion CD with sample data and slidedecks for classroom use.
However, before a second edition is started, this edition has to first be outdated by updates in XWF.
The bad news on a second edition is that we wrote the book to cover XWF for some time to come even with the expected updates that occur every month or so. That means a second edition isn’t likely until we see a major change in XWF.
The good news on a second edition is that we wrote the book to cover XWF for some time to come even with the expected updates that occur every month or so. That means this book will last you well into your expertise is solid with XWF.
For the college and university profs and instructors, we’d be glad to help review your slidedecks if you will be using the book in your course. Potentially, we may be able to create a set of slidedecks (with help from those teaching) to make available to any schools using XWF).
Do you teach XWF in your college class? We’d be happy to help your slidedecks with reviews and suggestions if you need.
That’s right, a free signed copy of the XWF Guide is yours, but only IF you can win the contest.
http://hackingexposedcomputerforensicsblog.blogspot.com/
On a related note, check out Eric’s interview on his ongoing imaging tests on YouTube.
Ken Pryor wrote a very in-depth review of the XWF Guide. Ken has a very informative DF blog and we’re glad to have been mentioned in such detail. Thank you Ken for the nice review.
Check out Ken’s review at: http://digiforensics.blogspot.com/2013/09/book-review-x-ways-forensics.html
And of course, here is a direct link to order the XWF Guide…
Very cool. Meet Eric Zimmerman and Craig Ball at The Inaugural Australian X-Ways Users Conference in Canberra in March 2014!
The best part…you get a copy of the XWF Guide 
If you can’t make it to this conference, get the book!
Click to order, Amazon still has the best price.
I’m in the process of creating working materials to go along with the XWF Guide in the form of exercises and test images. I expect to be finished in 2014 or 2015 or …(it all depends on time available). The materials will be freely available but will really only work best with the XWF Guide. And yes, I know I can use images already available, like at http://digitalcorpora.org/corpora/disk-images, but these datasets will be made to demonstrate all the neat things detailed in the XWF Guide.
One thing I’d like to point out regarding an issue with creating forensic images when giving images to students that contain data may violate the EULA if distributed. Files like commercial programs and operating systems. Anyone that deals with this in training will be happy with how XWF can be used to address this problem.
With the “Cleansed Image” option of XWF, simply exclude/hide any and all files that would violate any privacy concerns or EULA violations before creating the image. Then create the image
This gives you a complete (minus excluded files) disk image without worrying about violating a EULA. You could do this the hard way by using WinHex to overwrite every single file in question. Or you can mass exclude files in one fell swoop with XWF and bam. Image done. Now you have something to give out to your class.
I’ve always wondered why some instructors give out complete images of a single system and make the student “promise” not to distribute the files…that is a bit too trusting in my opinion. And come on, you know who you are…
<and I’ll leak a little information from the book on the cleansed image feature. you can use this technique to remove private/privileged/protected data from an image to comply with a court order but can’t produce specific protected data on the image. an example being a civil case where you need to turn over an image to the opposing expert but have privileged files on the image. don’t hex edit it, cleanse it!>
The XWF Guide has dozens of these kinds of tips and tricks, but you get one today for free. Get the book for the rest of the tips and tricks, you will without a doubt, find something worthwhile that will save you hours or days of work.
Click to order from Amazon (lowest price available for now)
Amazon reduced the price. Grab it before it goes up (again).
Regarding companion materials to go along with the book, please comment on the blog, or send an email, with suggestions you would like to see. So far, there will be one image that will be used to use with examples in the book. As far as a demo of XWF…that’s probably not going to happen…
You can tell that X-Ways Forensics has made it into the market when so many DFIR job requirements list X-Ways Forensics as one of the ‘big 3′ tools to know to apply.
For those that are tinkering with writing X-Tensions, the documentation at the x-ways.net site was just updated on Sept 27. Don’t forget to send your x-tension to X-Ways to share with all of us, just like Mom told you when you were little.
It’s also becoming more common to see statements like these: “The only tool I’ve currently tested that parses the user name is X-Ways Forensics, so it may be necessary to manually parse this record if you don’t have a tool that will do it for you.” – https://rstforums.com/forum/75954-ms-excel-biff-metadata-last-opened.rst
A faster WinFE build is available on http://winfe.wordpress.com/ that includes a script to add XWF to the build. Of course, you have to have a license for XWF for the script to add it to the build. As of now, it includes FTK Imager and dd tools, with more on the way to add. The build method is a beta only because more apps are being added that need to be tested. Other than that, it works great with FTK Imager, XWF, and a few other small apps. The goal is to put several imaging options on it for user preference.
Have 10 minutes to spare? Then you can build a WinFE bootable USB or CD with XWF installed on it.
There is no difference between the write protection in this faster build as it uses Colin Ramsden’s write protection application, but the main difference is that you can build a WinFE ISO file in less than 5 minutes, start to finish. You can burn it to a CD or make a bootable USB within 5 more minutes, giving you a WinFE in about 10 minutes time, starting from pushing the button and having a WinFE CD/DVD/USB in your hand.
Although this is meant to be the fastest method to build an acquisition boot OS, with X-Ways, you can still do a heck of a lot more than just imaging with WinFE. And just because it only takes 10 minutes doesn’t mean WinFE is a minor forensic tool. With XWF, WinFE is way more than just something you can throw together to image. It’s really neat.
The current (and free) issue of eForensics Magazine has an article on imaging with X-Ways Forensics. Of course, the XWF Guide is more detailed, but to get an idea of some of what XWF can do with imaging, take a look at the article.
I recently finished tech editing a book soon to be published on Cloud Storage Forensics. One of the main tools used was….wait for it…X-Ways Forensics. Without giving anything about the book away, I was really impressed by the level of detail documented on the amount of research conducted in cloud storage forensics.
The book goes to print in January, but available for preorder. I’ll be writing a review of the book once it is made available, but in short, I give it a high grade of technical accuracy and research on the most commonly used cloud storage services and the connected machines. The authors documented testing of various cloud services as if it were scientific examinations (which by the way, digital forensics testing is…) and their methods can be used by anyone as can their results. I’ll give a small tidbit that there are many instances of “holy smokes!” on some of their findings that I have not seen anywhere else.
The authors could have chosen any major forensic tool, but they chose XWF. This is just another example of how X-Ways Forensics is used to validate scientific theories and tests over all others. The reason is simple: XWF works.
This book, along with a few others that I know are coming out fairly soon, should be quick sellouts for the first printing. For anyone that buys books from Amazon, preordering is a good way to go and Amazon price matches books, even after you have already ordered. Just saying…
Consider the differences between X-Ways v12 below:
X-Ways Forensics version 12
With the current version 17:
X-Ways Forensics version 17
XWF has had literally hundreds upon hundreds of significant updates over this time between v12 and v17, but the interface and usage remains constant. Personally, I enjoy an update to a program that looks the same, the buttons are in the same place, and there are new features to use. The last thing I want is a totally different interface, buttons where I have to hunt and peck to find or miss completely, or have to take another class from the vendor to be told how to use their new fandangle program.
It’s nice to know that in 10 years, XWF will probably look the same, even though I know it will be able to do so much more then, I’ll be able to use it without skipping a beat.
This is also the reason that the XWF Guide will carry you through the next many years without having to worry about a major change in operation of XWF. What other manual or guide can say that?
Been using X-Ways Forensics for a while now, have ya? Been to an X-Ways training class? Then consider getting certified by X-Ways as an expert (X-PERT) in XWF.
Be sure to set aside time, have your XWF Guide at your side, and dive right in. It’s a real forensics exam that if you pass, have a certificate that actually means you know what you are doing with X-Ways.
