3/14/2021 X Ways Winhex
These tips are for those who are either new to forensics or haven't used X-Ways and have some interest in using it.
Also, here are some handy resources to help when researching X-Ways.

X-Ways will create a case folder with a lot of cache files and system files related to this case. It's good practice to keep these cases separate with appropriate names for easy management.

Directory: This is where X-Ways is going to place all of its cache, temp, and db files. These are required for an X-Ways case to operate efficiently. Consider setting this to a fast SSD to get quick load times when using X-Ways, but I have had good results with placing the case directory on standard NAS and file shares.

Case-specific directory for temporary files: This is a good housecleaning measure. Any time X-Ways creates temporary files, they will be stored in a temp directory related to the case rather than your default temp location.

Case-specific default path for images: Set this to the location of all your forensic images in a case. This will make your life a lot easier when you want to add new images as your work progresses.

Timezone: Make sure to set your timezone appropriately, as it may default to your system's settings. I usually set it to UTC and then change it during analysis if I want to.

This will open a Windows file browser; navigate to the exported MFT, select it and click Open. From the menu bar, select Specialist > Interpret Image file as Disk. X-Ways will begin parsing the MFT and present you with a file system that you can start reviewing in the Browser window.

Navigate to the exported MFT file you want to analyze, select it, and click Open. X-Ways will add the MFT file to your evidence list and begin parsing it immediately, given that you have the "Add disk partitions to the case automatically" option set in your case preferences. If that option isn't set, just double-click the MFT once it is added to your evidence list and X-Ways will begin parsing.

When you have evidence loaded into X-Ways and are browsing the file system, there is a squiggly blue arrow button in the bottom toolbar. From the recursive view you can quickly sort by any of the primary timestamps and layer two additional sorts. This can quickly reveal additional files and directories related to the incident you are investigating.