Friday, March 31, 2017

Customizing the filter type in X-Ways Forensics

The Filter:Type in X-Ways Forensics is one of my favorite filters. After many uses, I started thinking on how to make it more suitable for my needs.

This is my tweaked version:


This is a quick summary of the changes:
  • the categories are sorted alphabetically;
  • some categories were renamed;
  • there are now new categories like Network/Packets and Memory;
  • some extensions were moved to other categories;
  • some new extensions/filenames were added to the list.

If you want to give it a try, replace the two files "File Type Categories.txt" and "File Type Categories User.txt" in your installation folder with the ones you can download from my repository xways-forensics .

References

-----------------------------------------------
[UPDATE 03/April/2017]: I added the category Malware, Ransomware which is based on the Ransomware Overview document.
-----------------------------------------------
[UPDATE 11/July/2017]: The custom filter types was added to the Bookmarks menu in the latest version of XWFIM X-Ways Forensics Installation Manager (v1.7.0.0). Thanks Eric!