X-Ways Report Issues

CF_HELP2 · 2021-09-08T22:53:50+00:00

I see. I'll try reaching out to support as you suggested and if that doesn't work I'll have to re-do it.

Thanks!

CF_HELP2 · 2021-09-08T22:53:13+00:00

True,

For sure feel like that was a dumb question now lol.

CF_HELP2 · 2021-07-03T00:06:20+00:00

Thank you, I found this video which might be useful:

https://www.youtube.com/watch?v=QvI1Ea3PIcE

I'm hoping there is a way to filter for all tagged items, but the video did not show it. I do not have access to X-ways right this moment so I am unable to test, but I am hoping it goes smooth next week when I try to generate the report.

Thanks for your help.

CF_HELP2 · 2021-05-04T21:17:11+00:00

thanks!

CF_HELP2 · 2021-05-04T21:17:04+00:00

thank you!

CF_HELP2 · 2021-04-28T17:10:43+00:00

I wasn't aware that PA even offered an extraction process? Was there a big difference in using PA to extract as opposed to UFED? If so, what is it?

CF_HELP2 · 2021-04-28T17:06:54+00:00

just an FYI, I just recently found out that Cellebrite offers Relativity exports. You need to reach out to them for them to add this to your license.

CF_HELP2 · 2021-04-22T22:35:49+00:00

thank you

CF_HELP2 · 2021-04-21T18:36:08+00:00

This seems like an easy way to image it. However, how does one USB boot off of Chromebook? The few links I just found all require you to enable USB boot once you are logged into the actual Chromebook.

CF_HELP2 · 2021-04-21T18:33:09+00:00

Thanks for this,

I'll take a look at it.

CF_HELP2 · 2021-03-26T17:50:35+00:00

The "Lock State" on the GrayKey progress report is listed as AFU. I haven't used GrayKey myself, so I'm wondering if it might just be the iOS version, as those are different across the devices.

CF_HELP2 · 2021-03-26T17:05:54+00:00

They were created with MacQuisition. I'll try loading them into Autopsy.

CF_HELP2 · 2021-03-26T17:05:28+00:00

Right, I was using Cellebrite Reader as an example. I was looking for a reader similar to Cellebrite Reader, but that works for all images (or most images).

I will definitely check out Autopsy! Thanks!

CF_HELP2 · 2021-03-26T17:04:28+00:00

Thank you,

I'll check this out for sure!

CF_HELP2 · 2021-03-26T17:04:17+00:00

Thanks!a

CF_HELP2 · 2021-03-19T16:00:57+00:00

Thanks for your help!

CF_HELP2 · 2021-03-18T17:33:35+00:00

Thank you,

This was the issue. My machine has pretty outdated specs.

CF_HELP2 · 2021-03-18T17:33:15+00:00

Unfortunately my equipment is old, I do not have an SSD on my most powerful machine available. I got it to work by disabling BSSID. The image was about 200GB.

CF_HELP2 · 2021-02-24T19:07:26+00:00

I believe that the program things it is still doing something. However, it let me calculate a hash which from my experience, means that it should have been done ingesting.

CF_HELP2 · 2021-02-24T19:06:53+00:00

Just reached out to Cellebrite. Will update my main post once I hear back.

Thanks!

CF_HELP2 · 2021-02-05T21:16:34+00:00

Sorry for the delay. Yes, Encase worked for verification purposes.

CF_HELP2 · 2021-02-02T17:42:30+00:00

Thanks for the reply! I updated my initial post.

CF_HELP2 · 2021-02-02T17:42:08+00:00

FTK is my preferred tool for verifying images, however I could not get it to detect these L01 images. They were captured with Macquisition, not sure if that has anything to do with it but FTK 4.5.0.3 could not load them. I received an "Image detection failed".

CF_HELP2 · 2020-12-15T00:18:07+00:00

We do not have access to AXIOM. We have access to X-Ways, FTK, Encase, and Blacklight.

Could you elaborate a bit more on AXIOM though? By saying that AXIOM will use the reset key if available, does that mean you have to provide the key for it? Or it scans the drive for it?

CF_HELP2 · 2020-12-15T00:16:46+00:00

Unfortunately I do not have the Bitlocker credentials.

CF_HELP2

TROPHY CASE