X-Ways Forensics II

This 2.5-day event is an advanced course for experienced users and previous attendees of X-Ways 1 (which is a prerequisite). This is definitely not suitable as an introduction for new users of X-Ways Forensics.

The topics covered in this class will include:

• • The .e01 evidence file format
  • Creating skeleton images
  • Creating cleansed images
  • Sector superimposition
  • Working with evidence file containers

• • • Creating containers, understanding the available options
    • Adding files to containers from various sources
    • Closing containers, optionally converting them
    • Using containers as evidence objects

• • Finding and analysing deleted partitions
  • Reconstructing RAID and Linux MD RAID systems

• • • Practical examples for RAID 0 and RAID 5
    • Practical examples for both regular and MD RAIDs

• • • Explanation of underlying data arrangements
    • Clues towards finding the right parameters
    • MD RAID vs. LVM2

• • • FuzZyDoc
    • Conditional cell coloring
    • UI Text Adjustments
    • Custom keyboard shortcuts
    • Advanced sorting rules
    • Registry Viewer and Registry Reports, Registry Report definition files
    • How X-Tensions work
    • Recovering deleted NTFS-compressed files manually
    • Block-wise hashing and matching
    • Command line usage of X-Ways Forensics
    • Indexing
    • Customizing the registry report
    • Templates

DOWNLOAD BROCHURE