Video 59 - Introduction to X-Tensions for Beginners
In this video 59, I attempt to give a brief overview of the basics of writing your first X-Tension. This is a very high level walkthrough, designed to help those who might have tried and failed to get to grips with how an X-Tension works, and how they can be built.
X-Tensions allow digital forensics people who have programming abilities to add their own bespoke functionality to their XWF casework, with the added beauty of not having to build routines that open E01 images, navigate to partition offsets etc. You can leave X-Ways Forensics to do all that hard work still, but then for specific items in a case, or for all items if necessary, you can have code executed that does particular 'things' that X-Ways Forensics itself might not do. This functionality might be something that you can only currently get by another standalone tool, or a tool you have built from the ground up. For example, you might want to examine every item in an image, open it, and then search for a very specific byte sequence or some kind of data structure, and then if found in any given file(s), output those filenames, along with their file sizes, and, say MFT Record ID, to a log. Obviously you can do parts of that within X-Ways Forensics itself, but you see my point how you can add very specific requirements? Different companies and different government bodies will have different requirements. And X-Tensions allows those groups to have that bespoke functionality to be built into your organisation, and also even shared as open-source code if you are so inclined and if you are authorised to do so.
In this video I explain the use of the open-source, free, object orientated FreePascal language to build an X-Tension using the Lazarus IDE. It's a programming system I've been using for about ten years for everything from bit level shifting to large self-contained GUI tools. A very powerful, very fast, and very underrated language (this is NOT the same as Turbo Pascal, which nearly everyone I meet tells me they used to learn programming!). It can also be used for writing X-Tensions, as I show here. Disclaimer : I am highly likely to have got my words jumbled here and there....please read the documentation to ensure YOU understand what you are doing :-)
The overall aim of the video is to show the user :
- Where to get Lazarus and Freepascal
- Where to get the X-Ways Forensics X-Tension API
- How to start your first X-Tension
- Walk you through the core concepts and the difference between XT_* and XWF_* functions and introduce you to the key areas of the API documentation
- Show a demo of creating an X-Tension that simply computes the file size of each item in an evidence object, and outputs the computed data with the filename to the message window, with an end date and computed time.
Obviously the power of X-Tensions is largely unlimited, but as this video is an hour long as it is, I might struggle showing more advanced subjects, though I may build them up into a form of class system, to show how one function can build onto another etc. It's also very difficult trying to explain complex issues that were new to me only one year ago as well! So I hope it helps a little at least, even if its not perfect.