Computer forum Ru.Board » Computers » Software » X-Ways WinHex


SAT31



Gold Member
What's new?  
* Support for the XFS file system. Requires a forensic license.  
* Ability to add a single file in a directory to the case using the File | Add File command in the Case Data window or via drag & drop to the Case Data window. If you wish to add more than 1 file from the same directory, continue to add the whole directory, just hide or remove those files that are irrelevant. This new kind of evidence object is backward compatible with v16.4 and v16.5. That means if you add a single file to the case, you can work with it in those older versions as well!  
* .e01 evidence files with larger chunk sizes supported.  
* Ability to use the registry viewer during ongoing other operations such as simultaneous searches and volume snapshot refinement.  
* The progress indicator window now displays filenames in the same color in which they are displayed in the directory browser, as described in the legend.  
* When indexing multiple evidence objects in a single step, those that are opened automatically by X-Ways Forensics for indexing will now be automatically closed again when indexing has completed for them (and the same again for optimization), so that the screen is not cluttered with data windows and not all volume snapshots need to be loaded at the same time, which can consume a lot of memory if they contain many millions of files.  
* Many other minor improvements.  
* Same fix level as v16.5 SR-7.
 
Preview 2:
 
* The contents of JAR archives are now included in volume snapshots only optionally. These archives usually contain many, many irrelevant files and are often deeply nested.  
* Further improved stability when parsing corrupted $UsnJrnl:$J.  
* Same fix level as v16.5 SR-8.  
 
By way of exception, the 64-bit edition of v16.5 SR-8 may be added on top of the 32-bit v16.6 Preview 2. (Usually only exactly identical versions may be mixed in the same directory.)
 
Preview 3:
 
* Exchange EDB extraction further improved.  
* For the Export List command all control codes <0x20 are now filtered out from the Metadata column, except for line breaks and tabs that are still replaced with semicolons.  
* Unlimited path substring lengths in the Path filter.  
* Deals more gracefully with temporary dongle connection problems. Automatically resumes normal operation once the connection is re-established without user interaction. Useful for example if the dongle is attached to a dongle server when the network connection temporarily does not work.  
* Some minor improvements.
 
Preview 4:
 
* XFS file system support further completed. Now traces of deleted files can be found. (In future releases only when running the particularly thorough file system data structure search.)  
* Avoids duplicate search hits when searching unnecessarily in multiple code pages that are essentially equivalent for all or some of the search terms used. For example, many users seem to select both Latin-1 and UTF-8 even when searching for English language words only.  
* Certain HTML e-mails extracted from PST/EDB are now more clearly marked as HTML format which in some cases helps to view them properly.  
* Reliability of Exchange EDB processing further improved.  
* Options | Volume Snapshot | [x] "NTFS: Search FILE records everywhere" is now one of the infamous three-state checkboxes. If fully checked, FILE records are searched as part of the particularly thorough file system data structure search everywhere in an NTFS partition, if half checked (default setting) only in volume shadow copy host files.  
* Some minor improvements. Same fix level as v16.5 SR-9.
 
Preview 5:  
 
* If the particularly thorough file system data structure search in an NTFS volume is aborted, X-Ways Forensics now remembers which volume shadow copies (if any) have been processed already and will skip those when you run this operation again.  
* When extracting received e-mails from e-mail archives with no Delivery-Date: line in the header, X-Ways Forensics now takes the modification date from the end of the first Received: line.  
* The paths for cases, images, temporary files, and the hash database may now be relative to the directory from where X-Ways Forensics is executed, e.g. like .\Cases and .\Temp. Useful as a configuration that you take on site to preview live systems so that all files will be created on your own external drive, yet in separate directories.  
* That the slack of files that are omitted from logical searches is still searched is now optional. If the box for "Open and search files incl. slack" is fully checked, this option still has priority over all the options that can cause files to be omitted from the search, but not any more if only half checked.  
* XFS file system support slightly revised.  
* Some minor improvements.
 
* A few fixes for Exchange EDB support.
 
Beta 1:
 
* Revised representation of wtmp/utmp/btmp log-in records.  
* Supports high-precision timestamps and creation timestamps in Ext4 file systems, where available.  
* XFS support further revised.  
* Now supports relative paths in Options | General starting with .. (the parent directory of the directory from where X-Ways Forensics is executed), not only . (the directory from where X-Ways Forensics is executed).  
* Ability to extract all kinds of files from Safari cache.db browser cache files when refining the volume snapshot.  
* Fixed a rare heap corruption error that was caused by a certain kind of GIF files.  
* Some minor improvements and fixes.
 
Beta 2:
 
* Ability to verify multiple selected images in a case in a single operation, i.e. compute their hash values and automatically compare them to already known hash values, if any. You can find the menu command in the context menu of the case (i.e. the context menu that appears when right-clicking the case title where it is printed in bold letters).  
* External viewer programs can now be specified with a relative path, too (one that starts with .\ or ..\).  
* The Tools | Analyze ... command did not work in the 64-bit edition before. That was fixed.  
* Some minor improvements.  
* Fixes of v16.5 SR-10.
 
Error in 64-bit edition of Beta 2 fixed.
 
Beta 3:
 
* Ability to define search hits manually. Whenever you come across some relevant text, for example floating around in free space in Disk/Partition/Volume mode or within a certain file in File mode, you can select it as a block and right-click the block to add it as a so-called user search hit (i.e. some kind of search hit not found by the program). You can assign the search hit to an arbitrarily named search term/category. For example, if what you have found is related to suspect A, assign it as a search hit to a search term named after suspect A. If also related to suspect B, you can also assign it to another search term. You could also assign it to a real search term that you have used for an automatic search.  
 
User search hits can be conveniently listed in and nicely exported from search hit lists just like ordinary (automatically generated) search hits. You can specify the correct code page for user search hits yourself when you define them, which may be essential to get the text displayed correctly. User search hits are stored related to an object in the volume snapshot if you define them in File mode. User search hits are forward compatible, i.e. older versions (v16.2 and later) can also see user search hits created by v16.6.  
* Search hits may now have a theoretical maximum length of 65,535 bytes and are no longer truncated after 255 bytes.  
* The maximum amount of context that can be included when exporting search hits was increased from 340 bytes to 1000 bytes, and can now be specified separately for context that precedes and context that follows the search hit, even 0 for one or the other. The latter is useful especially for technical searches (not keyword searches), where you have searched for example for a signature that indicates the start of a certain data record, where the data before the hit is irrelevant.  
* Ability to execute X-Tensions in X-Ways Forensics directly from the main menu (Extra | Run X-Tensions). Useful for X-Tensions that don't interact with the volume snapshot or search hits of any particular volume, but for example create or otherwise manage evidence objects themselves. The nOpType parameter in the XT_Prepare function is XT_ACTION_RUN when executed that way. (http://www.x-ways.net/forensics/x-tensions/api.html)  
* Ability to create a second copy of an image immediately when imaging a disk, which is much quicker than copying the image file later and makes sense if the 2nd copy is created on a different drive. Only the first copy will be automatically verified if desired. File spanning (i.e. when to start another image file segment) is kept in sync between both copies even when running out of space on one of the two target drives only.  
* Deals more gracefully with the situation when the connection to the dongle is lost because the computer has been put in hibernation or on standby.  
* Ability to center full window picture views (not using the viewer component) on a 2nd monitor if you are operating Windows with a desktop that spans two monitors.
 
Beta 4:
 
* Imaging write error of Beta 3 fixed.
 
Beta 5:
 
* Fixed index search error that appeared in v16.5.
 
Beta 6:
 
* Two new columns in the directory browser are now available with a forensic license: "Parent name" and "Child objects". Both columns come with filters. The filter for child objects allows you for example to quickly find all e-mails that have an attachment with a certain name. The filter for parent name for example allows you to quickly find all attachments that were attached to e-mails with a subject that contains certain words. Note that filters for the columns Name, Parent name, and Child objects share the same settings and are mutually exclusive (cannot be active at the same time, one will deactivate the other).  
* Revised support for word boundary anchors (\b) and whole word searches in the Simultaneous Search. (forensic license only) You can now define which characters should be considered parts of words. This is useful to avoid false hits for short words in binary garbage data or Base64 code and generally for users that consider numbers to be parts of words (such as in "GIF89"). Example: An undesirable hit for "band" in "7HZsIF9BaND4TpkSbSBS" can be prevented if you search for it as a whole word and if you additionally redefine the alphabet of word characters to include digits 0-9, so that the positions between "9" and "B" as well as between "D" and "4" are not considered word boundaries.
 
v16.6 was just released.  
 
Changes since the last beta version:  
 
* New option in Options | Viewer Programs that allows you to automatically close the preview picture viewer window when a new picture is viewed (only when the internal graphics viewing library is used for pictures, not the viewer component).  
* Refresh error fixed in templates with the "multiple" option.  
* Notices in the Messages window when files are not included in a container of the new format again because of duplication.

Total posts: 9260 | Registered: 11-09-2009 | Posted: 18:43 02-08-2012 | Edited: SAT31, 18:45 02-08-2012
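The whole-word behaviour described in the Beta 6 notes can be reproduced outside the tool. The following is an added example, not part of the original post and not X-Ways code: a byte-level whole-word search with a configurable word alphabet. The letters-only default alphabet and all names are assumptions made for illustration; the Base64 sample is the one quoted in the post.

```python
import string

# Assumed default: only ASCII letters count as word characters.
DEFAULT_WORD_CHARS = frozenset(string.ascii_letters)
# Redefined alphabet that also treats digits 0-9 as parts of words.
WITH_DIGITS = DEFAULT_WORD_CHARS | frozenset(string.digits)

SAMPLE_BASE64 = b"7HZsIF9BaND4TpkSbSBS"          # string quoted in the post
SAMPLE_TEXT = b"The band played GIF89 files."    # constructed sample


def whole_word_hits(data, term, word_chars=DEFAULT_WORD_CHARS,
                    case_sensitive=False):
    """Return offsets where `term` occurs in `data` as a whole word.

    A word boundary exists at the start or end of the buffer, or next to
    a byte that is not in `word_chars`.
    """
    alphabet = {ord(c) for c in word_chars}
    needle = term.encode("latin-1")
    haystack = data
    if not case_sensitive:
        needle, haystack = needle.lower(), data.lower()
    hits = []
    pos = haystack.find(needle)
    while pos != -1:
        end = pos + len(needle)
        left_ok = pos == 0 or data[pos - 1] not in alphabet
        right_ok = end == len(data) or data[end] not in alphabet
        if left_ok and right_ok:
            hits.append(pos)
        pos = haystack.find(needle, pos + 1)
    return hits


if __name__ == "__main__":
    # Letters-only alphabet: "9" and "4" act as boundaries, false hit at 7.
    print(whole_word_hits(SAMPLE_BASE64, "band"))
    # Digits are word characters: the Base64 hit disappears.
    print(whole_word_hits(SAMPLE_BASE64, "band", WITH_DIGITS))
    # Genuine text still matches with either alphabet.
    print(whole_word_hits(SAMPLE_TEXT, "band", WITH_DIGITS))
```

With digits in the alphabet, "GIF" alone no longer matches inside "GIF89", so search terms have to be written the way the examiner defines a word.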
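The Preview 5 note about e-mails without a Delivery-Date: line describes a timestamp fallback that is easy to check independently when validating extracted mail. The following is an added example, not part of the original post and not X-Ways code: it takes Delivery-Date: when present and otherwise the date at the end of the first (topmost) Received: line. The function name and the sample headers are constructed for illustration.

```python
from email import message_from_bytes
from email.utils import parsedate_to_datetime

# Constructed sample headers (documentation domains and IP range).
SAMPLE_NO_DELIVERY_DATE = (
    b"Received: from mx.example.org (mx.example.org [192.0.2.10])\r\n"
    b"\tby mail.example.net with ESMTP id ABC123\r\n"
    b"\tfor <bob@example.net>; Thu, 2 Aug 2012 18:40:12 +0200\r\n"
    b"Received: from client.example.org by mx.example.org;"
    b" Thu, 2 Aug 2012 18:39:58 +0200\r\n"
    b"From: alice@example.org\r\n"
    b"To: bob@example.net\r\n"
    b"Subject: test\r\n"
    b"\r\n"
    b"body\r\n"
)
SAMPLE_WITH_DELIVERY_DATE = (
    b"Delivery-Date: Thu, 02 Aug 2012 18:41:00 +0200\r\n"
    + SAMPLE_NO_DELIVERY_DATE
)


def _parse(value):
    """Parse an RFC 5322 date string; return None if it is not a date."""
    try:
        return parsedate_to_datetime(value.strip())
    except (TypeError, ValueError):
        return None


def delivery_timestamp(raw):
    """Return (datetime, source_header), or (None, None) if undatable."""
    msg = message_from_bytes(raw)
    when = _parse(msg.get("Delivery-Date", ""))
    if when:
        return when, "Delivery-Date"
    received = msg.get_all("Received") or []
    if received:
        # Topmost Received: header; its date-time follows the last ';'.
        _, sep, tail = received[0].rpartition(";")
        when = _parse(tail) if sep else None
        if when:
            return when, "Received"
    return None, None


if __name__ == "__main__":
    print(delivery_timestamp(SAMPLE_NO_DELIVERY_DATE))
    print(delivery_timestamp(SAMPLE_WITH_DELIVERY_DATE))
```

Returning the source header alongside the timestamp lets a report show which value was derived from a Received: line and which came from Delivery-Date:.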