Computer Forensics & Data Recovery

I haven’t learned all the features of this new release yet,  but I have already used it on two cases here in Gainesville, FL.  It performed great.  Each had thousands of videos and video fragments.  X-ways ran through all of the videos with no crashes.  It doesn’t grab a screen shot from every recovered fragment…. but not every piece of video is playable by any means.   It did go all the way through both cases with no crashes.

Considering what it is doing in grabbing these screen shots from movies…. it is fast too!  Even if it did take the computer 2 hours to run through the movies…  It would have taken me two days to physically open and preview every movie.

This new feature in X-Ways is going to be a HUGE time saver for me!  I can’t recommend it enough to anyone who has to sort through a large volume of movies.

I first downloaded CNW Recovery this software when I was working on my forensics certification. It was in Beta at the time. It was already then a nice piece of software, but needed some polishing at the time. Even then though there documentation was VERY impressive.

I recently downloaded the demo to take another look at it. I was very impressed. The software is geared towards data recovery, not forensics. The software is extremely versatile. It does a lot more than the traditional, “I can get your photos back” programs. It does have uses for forensics uses also.

I actually had a case where the suspect had deleted the boot sector in an effort to make the drive unreadable. I was able to use CNW recovery to get evidence off the drive. The software was stable and easy to use. It made quick work of the recovery job.

I will be buying the software for my data recovery business.

By the way, I am serious about their manual (and website). You can learn some lessons on data recovery just reviewing all that they have available for reading.

I am predicting that CNW Recovery will be a major player in the future of the data recovery world! Remember where you heard it!

When I have more experience with the software under my belt, I will report back with a more detailed review.

Earlier this week my X-Ways Forensics dongle arrived. (For anyone who is not familiar with that, it is basically a small USB key that is your license for the software.) I spent most of the rest of the week working on a criminal case that will probably go Federal. I mostly used X-Ways as my forensic tool.

The tool has performed as promised so far. All the features have either been intuitive to use or concisely explained in the manual. Some computer software manuals make you feel like the author tried to figure out how to make it as difficult to follow as possible. For instance, I have never found the Encase manual to be an easy read.

With X-ways, I had found files and evidence, within an hour, that I had failed to locate with Encase. I am not claiming that Encase is incapable of finding the same files…. I was just know that I didn’t find them with Encase. I have not attended the Encase training due to their high cost. A trained user may know some way to get the software to find the same evidence. Under X-Ways though, with only a few hours under my belt with the software I was able to find the files.

Speed is one thing that just kept amazing me with the software. This investigation was very image intensive. I was able to just fly through sorting, filtering, marking for report inclusion, viewing, and commenting on files. Even though I was intentionally trying to push the software, I never got a single crash. It was always very quick moving from Hex View, Calender View, Preview…whatever I needed to do. The skin color percentage sort feature for images in AWESOME!

I spent the last few hours of today starting work with the report module. The report module was performing well. I just say well, because I was having to include a lot of images and movies that had been encrypted by the file system of the suspect machine. This required me to recover the files outside of X-Ways then import them into the “case.” The good news is that this is possible and reasonably quick with X-Ways. To start setting up the whole report package for export to external devices was taking some tweaking of the report HTML code. Nothing major, just changing file source addresses. This was because the files were being referenced to their absolute location on the drive and not relative to the report. (In X-Ways defense though, I have to say this was my first time using their report module and I was in a hurry at the end of the day. So, it is possible there is a way to do it that would have saved the HTML coding issue.)

Another important point, I had a question about the software the other day. I sent a support email. I got a response within about 10 minutes from the lead software designer himself. That was impressive service. Can’t say I have ever gotten that good of service on any other software.

I still hope to get back with an even more detailed review when I have more experience under my belt. I wanted to let everyone know how it was going though.