Ru.Board Computer Forum » Computers » Software » X-Ways WinHex


DYNAMiCS140685



Silver Member
There is no performance penalty any more for selecting many or all file types for the file header signature search. File header signature searches are now considerably faster and basically limited in speed only by the medium from which the data is read.  
 
Tools | Disk Tools | Clone Disk now allows for reverse disk cloning and reverse disk imaging (requires a specialist or forensic license). Useful if the disk to acquire has severe physical defects that for example cause a disk imaging program or the entire Windows system to freeze or crash when reaching a certain sector. In such a case you can create an image in reverse order, by reading sectors from the end of the disk backwards, and it is even possible to automatically fill an existing incomplete ordinary ("forward") image additionally backwards to get an image that is as complete as possible, with only a small zeroed gap somewhere in the middle that represents the unreadable damaged spot on the source hard disk. Yes, X-Ways Forensics is quite a sophisticated disk imaging tool not only because of its speed, and we would like to remind everyone that additional dongles just for disk imaging are available for much less than the cost of a full license.  
 
With the additional dongles for X-Ways Forensics just for disk imaging you can now additionally use the Tools | Disk Tools | Clone Disk functionality.  
 
Ability to interpret data in the text column as text encoded in an arbitrary code page. That is very useful for East Asian code pages, Eastern European code pages and UTF-8 if the text is found outside of files that can be nicely viewed by the viewer component, e.g. floating around in free drive space. The character set/code page for the text column can now be selected via View | Character Set. Please note that you may need to select a font in General Options that contains all characters that you intend to read, and for East Asian characters you need to have support for these kinds of languages installed in Windows. The ability to select the character set/code page for Disk/Partition/File mode is now tentatively available also in X-Ways Investigator.
 
Ability to view Windows Vista and Windows 7 event log files (.evtx), based on work by Andreas Schuster.
 
Completely revised and more robust registry hive handling. Ability to find deleted keys and values in hives that contain unused space and lost keys/values in damaged/incomplete hives. In the report, deleted values are highlighted in red. If no complete path is known for keys, they will be listed as children of a new virtual key called "Path unknown".
 
Analysis of free space in registry hives with the report definition file "Reg Report Free Space.txt". The free space can be as large as several MB, especially as a consequence of the use of virus scanners and registry cleaning programs.
 
Registry value slack has a relevant size in NTUSER.DAT hives. This fact is now exploited with 2 measures:
 
 1) If the slack contains text strings, it will be output in the registry report (in green). This new feature can optionally be turned off in the registry viewer context menu.
 
 2) For values that contain item lists (i.e. are binary) you can use the "Reg Report Free Space.txt" definitions; the registry report will then output lists of filenames with timestamps in green. The first timestamp is an access date, the second one is a creation date. If no timestamps can be output, these are artifacts from "RecentDocs".
 
The registry viewer now allows you to recursively explore all the keys and values in a hive and sort them in chronological order.
 
The search function in the registry viewer is now more thorough and robust.
 
Better Unicode support in the registry report for registry hives from computers in Asia.
 
Tray notifications artifacts from Windows 7 registry hives are now supported and decoded. The timestamps render these artifacts useful for computer forensics. Further improved support for shell bags.
 
Windows registry report: New data type %I (ITEM list) covers not only Shell Bag (as in previous versions), but also for example desktop shortcuts. Format adjusted for Windows Vista and 7.
 
Ability to customize the notation of dates, times, and numbers (see new button in Options | General). Useful to be independent of the settings of the live system that you want to preview. Ability to display years with 2 digits only.
 
The option to display fractions of seconds in high resolution timestamps has been moved from the directory browser options to the new notation options. The option to display the time zone bias has also been moved to the notation options.
 
Ability to open an evidence object even if the disk or image is not currently available, via a special command in the evidence object's context menu, to see the volume snapshot. That means you can see all the file metadata stored in the volume snapshot (filename, path, file size, timestamps, attributes, etc.), can use all filters etc., but cannot see any data in sectors and cannot open/view any files.
 
Improved thumbnails extraction from Windows Vista's and Windows 7's thumbcache_*.db files. Ability to assign original filenames, file paths, and modification timestamps to certain thumbnails that were previously just named with a 16-digit hex number.
 
When switching from File mode to Partition/Volume mode, X-Ways Forensics will now automatically point you to the offset from the point of view of the partition/volume that is equivalent to the offset within the file where the cursor was positioned last, even if the file is fragmented, if there is an equivalent position (not if the file is a compressed or virtual attached file or an extracted e-mail message or an exported video still etc.).
 
Ability to specify the directory in which to create a case when creating a new case, for that particular case only.  
 
Directories with search hits that are copied from a search hit list now receive a special name when they are created as files in the output folder.  
 
Sorting by search term count column has been accelerated.  
 
Fixed an exception error that could occur when extracting metadata from carved MP4 and ASF files.  
 
Hash database functions internally reworked. When importing the NSRL RDS hash database, X-Ways Forensics now checks for records with the flags "s" (special) and "m" (malicious) so that these hash values are not erroneously included in the same internal hash set that should be categorized as irrelevant.  
 
It is now possible to abort lengthy sort operations. The directory browser is now unsorted after start-up by default. This new behavior can be turned off in the directory browser options.  
 
The grouping options now have an effect even if the directory browser is not sorted.
 
The report table filter has a new option that allows you to additionally include siblings of the associated files, i.e. files in the same directory as the files that are part of the selected report table(s). Useful, especially when exploring recursively and sorting by path, to check whether there are any further notable files in the neighborhood.
 
Ability to optionally also add any known duplicates of the selected file(s) in the same evidence object to a report table (files which have been identified as duplicates based on hash values and marked as such in the Attr. column).
 
New investigator.ini option +38 allows you to prevent imports of report table associations.
 
Ability to identify animated GIFs. Animated GIFs will be added to a special report table during the file type verification.
 
Support for two new zip subtypes: APK Android smartphone packages and KEY Apple iWork keynote presentation files.
 
Many minor improvements.

Total posts: 2425 | Registered: 23-10-2008 | Sent: 09:41 27-04-2011 | Edited: DYNAMiCS140685, 09:44 27-04-2011
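
The reverse imaging idea described in the post above (a forward image that stops at a damaged spot, then filled backwards from the end of the disk so that only a zeroed gap remains), sketched as an added example that is not part of the original post and not X-Ways code. The disk is simulated in memory, and `FlakyDisk`, `copy_run`, `acquire` and `demo` are hypothetical names.

```python
SECTOR = 512

class FlakyDisk:
    """Constructed stand-in for a damaged source disk; bad sectors raise OSError."""
    def __init__(self, data, bad):
        self.data, self.bad = data, set(bad)
        self.sectors = len(data) // SECTOR

    def read_sector(self, n):
        if n in self.bad:
            raise OSError(f"unreadable sector {n}")
        return self.data[n * SECTOR:(n + 1) * SECTOR]

def copy_run(disk, image, order):
    """Copy sectors in the given order until the first read error.
    Returns the list of sector numbers that were acquired."""
    done = []
    for n in order:
        try:
            image[n * SECTOR:(n + 1) * SECTOR] = disk.read_sector(n)
        except OSError:
            break                      # stop at the damaged spot, do not retry
        done.append(n)
    return done

def acquire(disk):
    """Forward pass, then reverse pass into the same image buffer.
    Returns (image bytes, range of sectors left zeroed)."""
    image = bytearray(disk.sectors * SECTOR)    # unread sectors stay zero
    fwd = copy_run(disk, image, range(disk.sectors))
    first_missing = len(fwd)                    # where the forward image ends
    # Reverse pass: last sector down to the first one the forward pass lacks.
    rev = copy_run(disk, image,
                   range(disk.sectors - 1, first_missing - 1, -1))
    gap_end = rev[-1] if rev else disk.sectors  # lowest sector read backwards
    return bytes(image), range(first_missing, gap_end)

def demo():
    # Constructed 16-sector disk: sector n holds byte n+1; sectors 6-7 are bad.
    data = b"".join(bytes([n + 1]) * SECTOR for n in range(16))
    image, gap = acquire(FlakyDisk(data, bad={6, 7}))
    return data, image, gap

if __name__ == "__main__":
    data, image, gap = demo()
    print("zeroed gap:", list(gap))
```

The returned gap range is what an examiner would record in the acquisition notes, since any hash of the image covers zero-filled sectors there rather than source data.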