X-Ways Forensics Training Course Review

I just completed a week of training with X-Ways in Washington, DC.   The instructor was the CEO of the company and principal software designer Stefan Fleischmann.  This class is taught all over the world, generally only a couple times a year in the United States.

The class is broken up into two segments, which you can purchase seperately.  The first three days is disigned specifically to teach the student how to use X-Ways Forensics.  The last two days is a file systems course.  Since the segments are very different, I will cover them individually.

X-Ways Forensics Course:

If you have read my previous blogs you know I was already a fan of X-Ways Forensics prior to attending the course.  I knew though that there had to be functionality I was missing out on having not attended the training.  I was right!  lol   I of course had learned a lot of the features through use and reading the manual.  There were areas that I had not really explored that I will probably use in every investigation. 

All students are provided with printed training material, digital copy of training material, a computer, and a copy of X-Ways to use during the course.

The class starts out with an overall tour of the user interface and how to navigate in X-Ways Forensics.  Mr. Fleischmann regularly demonstrates that there is multiple ways to do almost everything in X-Ways.  I gained an appreciation for the phrase: How many ways are there to  _______? “X-Ways”  You have to use the “X” to denote the number of ways to do a task because you can’t easily count them all! That is a bit of joke, but whether you prefer context menus, main menus, or keyboard shortcuts there is probably the choice of doing it your preferred way in X-Ways Forensics.  Additionally, along with all those normal ways there are often sorta hidden short-cuts built in to make common tasks faster.  Once you see theses, there location makes great sense.   But they are one on the kinda of things that are hard to pick up on in a manual, but easy to learn when you see someone do it.

While teaching, Mr. Fleischmann shows students through the tasks that he is performing.  After learning a series of features, Mr. Fleischmann has very well planned out exercises that the students execute on their own.  These are very good at reinforcing what you just learned.  After giving you time to practice, Mr. Fleischmann then leads you through the ideal solution to the exercise.

Mr. Fleischmann starts off each day of class with a review of what was learned the day before.  This is another great adult learning teaching method that reinforces learning. 

There were a wide variety of computer examiners in the course.  Everything from private to the biggest name federal LE agencies.  I did not hear one examiner that was not impressed with the software, Mr. Fleischmann, or the training.

File Systems:

The last two days of the five day course, are a class on file systems.  These two days are very fast paced.  If you don’t come into the class with some knowledge of file systems it is probably to fast to comprehend a lot.  That said, if you come in with some knowledge;  you will leave with a lot more.  Mr. Fleischmann has an amazing knowledge of file systems.  He moves through the MFT in NTFS very fluidly.  He explains all the ends and out.  I don’t mean the usual, “this is a journaling file system that maintain individual entries of each file and their location..”  Mr. Fleishman dives into the actual binary code in example after example, breaking down file entries.   Mr. Fleishman also breaks down and explains other important system files like the $logfile.  I have already used information in this portion of the class to find evidence in a couple cases I would have otherwise missed.

Mr. Fleischmann is nothing short of amazing as an instructor.  He is extremely punctual and efficient throughout the class.  There is not a moment of the course that is not well organized.  He is able to intelligently answer almost any computer question that comes up, no matter how trivial it may be. The course is definitely fast paced, though.  Get your rest, because you will need all your focus. 

This was certainly one of the best computer courses I have had the opportunity to attend.  I would highly recommend it to any computer examiner or data recovery technician!

Speak Your Mind

Phone: (615) 208-6565 1633 W. Main St, Suite 902, Lebanon, TN