By , , comments: 5, views: 2,257 •
Source: X-Ways Software Technology

X-Ways Software Technology has released version 15.6 of WinHex. WinHex is not only a universal hex editor, but is also able to perform low-level data processing through an easy interface. The program includes, among other things, a RAM editor, a data interpreter and a disk editor, and can be used, for example, to recover deleted information or to inspect files. WinHex runs on all Windows versions from Windows 2000 onward and is available in four different editions, with prices starting at forty euros. The following changes and improvements have been made in this release:

What's new?
  • X-Ways Forensics can now identify the true sector count according to ATA on ATA/SATA hard disks where that failed (returned a question mark only) in previous versions. Useful to detect an attempt to limit the addressable capacity of a hard disk using an HPA (host-protected area) or DCO (device configuration overlay). (forensic license only)
  • Whenever X-Ways Forensics checks for an HPA/DCO (that is when imaging a hard disk, when adding it to a case, or when creating a Technical Details Report for it) and actually detects one, it now offers to either temporarily or permanently deactivate the HPA/DCO and make the full official disk capacity accessible, so that you can e.g. image the hard disk in its full size before it returns to its original state next time when it powers down. (forensic license only)
  • The Technical Details Report can now retrieve the internal error count recorded by hard disks if available through the SMART interface.
  • Better plausibility checks for deleted files in Ext* file systems.
  • Representation of file system areas in certain Ext4 volumes corrected.
  • The link reference (inode number) of a hard-link file in HFS+ is now shown in the Comments column. You can use the Comments filter to filter for a given inode number.
  • Representation of the system files Attributes and Startup in the root directory of HFS+ volumes, if defined.
  • Convenient display and deconstruction of the object ID(s) of files stored in NTFS volumes in Details mode.
  • Matches for multiple hash sets are now supported in the hash set column.
  • Encryption/decryption with AES accelerated on computers with multiple processor cores thanks to parallelization.
  • Indexing and index optimization revised. They are now slightly faster, and are more efficient in memory utilization.
  • Improved sorting performance for the columns for which sorting became slower with v15.4 (date columns, SC%, pixels, owner, hard-link count, ...).
  • That .eml files are renamed to .txt when copying files off the image for inclusion in the report so that Internet Explorer can open them, is now optional, so that Firefox can send such files to Outlook Express.
  • Pictures can now be optionally embedded directly in the HTML report as inline code, so that there is no need any more for separate files in the report subdirectory. Of course, this greatly increases the size of the HTML file.
  • The folder for scripts is now also used as the folder for templates.
  • That the general folder for images is preselected when adding images to the case is now optional.
  • When importing a hash set, X-Ways Forensics automatically filters out duplicate hash values within that hash set. This has a big effect on the US NIST NSRL RDS database for example and reduces its size tremendously. If your hash database already contains hash sets with duplicates, those will be eliminated by v15.6 as well next time when you import any other hash set. Hash databases used by v15.6 and later cannot be opened any more by v15.1 or earlier.
  • The Sender and Recipients columns are now populated for e-mail attachments, too, so that even when you focus on attachments you can immediately tell who sent that file to whom, and don't have to navigate to the parent e-mail message to find out (e.g. by pressing the Backspace key). You can also filter for attachments via Sender/Recipient.
  • The Sender and Recipients fields are now copied into evidence file containers for e-mail messages extracted from PST/OST files without the MAPI method.
  • Sorting many e-mail messages by Sender or Recipients was potentially very slow in earlier versions, except in v15.5 for e-mails extracted from PST/OST archives not via MAPI. Sorting by Sender or Recipients is now generally fast for e-mail extracted with v15.6.
  • Sender and Recipients as well as an internal creation date are now extracted from original .eml files (i.e. .eml files not created by X-Ways Forensics when extracting e-mails from e-mail archives) when extracting internal metadata from such files.
  • Fixed an error that could cause instability when using the Sender/Recipient filter.
  • The Attribute filter for "e?" did not work for files that were marked as e-mail attachments. This was fixed.
  • Ability to finalize/convert/encrypt evidence file container in X-Ways Investigator after filling them, just like in X-Ways Forensics. Useful for example when investigators need to forward identified incriminating files (e.g. CP) to other departments/agencies in an encrypted state. In order to not unnecessarily confuse users of X-Ways Investigator who don't need this ability, it can be disabled with the new switch +32 in investigator.ini.
  • Option to always specifically run WinHex/X-Ways Forensics as administrator under Windows Vista/7 (see General Options).
  • Option to automatically restart the program when a restart is necessary after changing certain settings.
  • Ability to optionally store the key for already added AES-encrypted .e01 evidence files in the case file, so that you don't have to enter it over and over again when opening the evidence object. This is convenient, but 100% secure only if you protect your case files.
  • Metadata extraction from HTML documents.
  • Simple and quick plausibility check for internally reconstructed RAID 5 that warns you immediately after reconstruction if the parity does not match.
  • A new directory browser option now controls whether files with child objects will be typically viewed or explored on a double-click. If the checkbox is half-checked, you will be prompted whenever double-clicking such a file. In earlier versions such a file was always explored, although it might have been more intuitive to view it (think of a MS Office 2007 or OpenOffice document with XML files as child objects).
  • Avoids a memory allocation error message when trying to open certain files with a size of 0 bytes on NTFS volumes.

Version number: 15.6
Release status: Final
Operating systems: Windows Server 2008, Windows Vista, Windows Server 2003, Windows XP, Windows 2000, Windows 7
Website: X-Ways Software Technology
Download: http://www.winhex.com/winhex.zip
File size: 1.45MB
License type: Shareware

Comments (5)

This tool finds more than many an undelete utility on the net, and I use it to make images of memory cards and USB sticks, in order to find information that seems to have been lost long ago.

That way you can easily do a full-text search across all raw data of a medium, and search for multiple strings at once.
Fantastic tool.
And of course, as the name suggests, it is a hex editor :Y)
This tool is also widely used to neutralise the rootkit/hack software that ships with games. Unfortunately I have had to use it several times myself to be able to play games on Windows 7. Race Driver 3, for example, uses StarForce, which cannot be installed under Win7 because the hacks or bugs of XP are not in 7. The game itself works fine, but StarForce fortunately does not.....and so neither does the game.......nicely skewed. So that is why I am now a user of very malicious, harmful, trillions-costing pirate software.

Without this tool I would now only have boxes of DVDs with software that cannot be used. Super tool :)
What is a universal hex editor, is it also usable elsewhere in the universe or something?
Of course. As long as the universe keeps using Windows, it works flawlessly ;).
Universal as in: versatile, all-encompassing. It is proper Dutch, you know. If you do not have a command of Dutch, I am happy to explain it in English or German as well.


© 1998 - 2014 Tweakers.net B.V. Tweakers is part of De Persgroep and a partner of Computable, Autotrack and Carsom.nl. Hosting by True
