Cookies op Tweakers

Tweakers maakt gebruik van cookies, onder andere om de website te analyseren, het gebruiksgemak te vergroten en advertenties te tonen. Door gebruik te maken van deze website, of door op 'Ga verder' te klikken, geef je toestemming voor het gebruik van cookies. Je kunt ook een cookievrije versie van de website bezoeken met minder functionaliteit. Wil je meer informatie over cookies en hoe ze worden gebruikt, bekijk dan ons cookiebeleid.

Meer informatie

Door , , reacties: 2, views: 3.136 •
Bron: X-Ways Software Technology

WinHex logo (60 pix)X-Ways Software Technology heeft versie 15.8 van WinHex uitgebracht. WinHex is niet alleen een universele hexeditor, maar is ook in staat om low-level dataprocessing toe te passen via een gemakkelijke interface. Het programma beschikt onder meer over een ram-editor, een data-interpreter en een disk-editor, en kan bijvoorbeeld worden gebruikt om verwijderde informatie terug te halen of om bestanden te inspecteren. WinHex werkt op alle Windows-versies vanaf Windows 2000 en is verkrijgbaar in vier verschillende versies, met prijzen vanaf veertig euro. In deze release zijn de volgende veranderingen en verbeteringen doorgevoerd:

What's new?
  • Ability to internally reconstruct JBOD, i.e. virtually concatenate spanned physical disks (or images of physical disks), via the menu command Specialist | Reconstruct RAID System. Requires a specialist license or higher.
  • Recover/Copy: Ability to group existing and deleted files even when not recreating the original path. Forensic license only.
  • Recover/Copy: Ability to group files by other parameters such as file type, category, description, sender, owner, hash set, hash category, report table association. Forensic license only.
  • Recover/Copy: The single-character suffix that is used to name output folders for child objects of files (distinguish them from the name of the parent files, avoid name conflicts) is now user-definable. It can also be disabled to return to the behavior of v15.5 and earlier, where the words " child objects" were appended. Forensic license only.
  • Recover/Copy no longer recreates the original Windows attributes when copying files because hidden and system attributes often make it unnecessarily complicated to see the output files.
  • For e-mail extracted by v15.8, you can now see in the Attribute column if an e-mail message is marked as unread. Forensic license only.
  • Revised ability to filter for e-mail messages via the Attr. column. Note that the additional e-mail properties by which you can filter are combined with a logical AND, not OR, as otherwise common within the Attr. filter. Forensic license only.
  • The number of files that are contained in a directory or in evidence objects (recursively) is now optionally displayed in the directory tree and in the directory browser directly following the directory name, in parentheses. This allows you to easily find directories or evidence objects/partitions that contain most files. A file count is also provided for files that have child objects. File counts are also presented in a new directory browser column, which is sortable. Forensic license only.
  • Numeric columns in the directory browser such as 1st sector, skin color percentage, internal ID etc. are now right-aligned.
  • If recursive selection statistics are enabled, in the directory browser X-Ways Forensics now shows as the size of a directory the total size of all the files directly or indirectly contained in that directory, not the size of the data structures of the directory any more. Comments about this new feature are welcome. The recursive selection statistics now exclude the size of the data structures of the directories themselves.
  • The recursive selection statistics are now considerably faster to compute for directories on large volume snapshots.
  • It is now possible to monitor lengthy operations in X-Ways Forensics from other computers in the same network, i.e. see whether they are still ongoing or completed. In General Options you can enable progress notifications via text files (that can be created in a directory on a network drive) and via e-mail in user-defined intervals. Forensic license only.
  • Detection of eCryptfs-encrypted files (files stored by the Enterprise Cryptographic FileSystem for Linux). Based on material provided by Ted Smith and implementations for Ubuntu 8.10, 9.04, 9.10 and 10.04. Such files will by marked with E in the Attributes column, just like EFS-encrypted files in NTFS, but only after the encryption test has been run. Forensic license only.
  • New default directory for cases under Windows Vista and 7 if X-Ways Forensics has been installed with the setup program.
  • Sent e-mails in PST/OST archives are now extracted as .eml files by the non-MAPI extraction method, too, and their timestamps are now shown in the timestamp columns.
  • Outlook calendar entries, contacts, notes, and tasks will now also be shown with timestamps.
  • GPS module timestamps and coordinates are now extracted from JPEG files that contain them.
  • Certain deleted files that are found during the particularly thorough file system data structure search in NTFS volumes can now be represented with correct contents even if they are fragmented and their FILE records are not available any more.
  • The category filter popup menu has a tentatively introduced gimmick that allows to see statistics about the categories of the files currently listed.
  • Outlook journal entries are now better represented.
  • Comments in zip archives will be extracted by the metadata extraction.
  • Zip archives that contain hidden files will now be flagged with a report table association.
  • Recover/Copy: Ability to embed attachments that are part (but not the only contents) of e-mail messages in their respective parent .eml files, if both the attachment(s) and the e-mail message are selected for copying and not excluded by any filter. Not yet 100% flawless, but usable. The ability to embed attachments in .eml files already when extracting e-mail from e-mail archives will be removed only in the next version after 15.8.
  • Support for non-English attachment names in artificially generated .eml representation of e-mails that were extracted from OST/PST with the non-MAPI method.
  • New checkbox for logical searching and indexing that allows to specifically omit directories (i.e. not search NTFS INDX buffer, FAT directory entries etc. etc.).
  • Maximum number of search terms that can be logically combined for a fuzzy AND combination slightly increased from 7 to 8.
  • Contiguous bad clusters in FAT volumes are now represented as separate virtual files.
  • Correct representation of FAT and root directory in the volume snapshot for FAT volumes with only 1 file allocation table.
  • Ability to specify non-zero header sizes in component disks of JBODs. Note that if not all the sectors on the component disks are actually used (some reserved at the end) then prior to reconstructing the RAID you can specify the used sector count for each component via Tools | Disk Tools | Set Disk Parameters.
  • Recover/Copy: Encoded size of embedded attachments now always correct. Warning if attachments are to be added and filters are affecting the scope of the operation as that may inadvertently exclude the attachments.
  • Polish translation of the menu.
  • PNG metadata extraction revised.
  • Support for the Linux file system next3. The exclude bitmap inode will be evaluated, and snapshot files are marked with (SF) in the Attribute column. Specialist license or higher required.
  • Table "Partitions by disk signature" in registry report now supported for Windows 7 registries, too. New table "Windows portable devices".

WinHex screenshot

Versienummer:15.8
Releasestatus:Final
Besturingssystemen:Windows Server 2008, Windows Vista, Windows Server 2003, Windows XP, Windows 2000, Windows 7
Website:X-Ways Software Technology
Download:http://www.winhex.com/winhex.zip
Bestandsgrootte:1,57MB
Licentietype:Shareware

Reacties (2)

Het programma beschikt onder meer over een ram-editor, een data-interpreter en een disk-editor

Die dus niet werken.
Limitations under Windows Vista/2008 Server/7: Physical RAM cannot be opened. Install WinHlp32.exe (for Vista/for 7) to be able to use the program help. Unable to write sectors on the partitions that contain Windows and WinHex.

Het is mij een raadsel waarom Winhex niet werkt in situaties waar de Cheat Engine dat wel doet, terwijl ze volgens mij hetzelfde proberen: RAM patchen.

[Reactie gewijzigd door Kalief op 11 oktober 2010 23:36]

je kunt de logische weergave van de address space van een process openen en ermee doen wat je wil, maar je kunt niet zeggen: open een specifiek deel van mijn fysieke geheugenchip. dat kan in windows al een decennium niet meer of zo. ook cheat engine doet dat dus niet.

Op dit item kan niet meer gereageerd worden.



Populair:Apple iPhone 6Samsung Galaxy Note 4Apple iPad Air 2FIFA 15Motorola Nexus 6Call of Duty: Advanced WarfareApple WatchWorld of Warcraft: Warlords of Draenor, PC (Windows)Microsoft Xbox One 500GBTablets

© 1998 - 2014 Tweakers.net B.V. Tweakers is onderdeel van De Persgroep en partner van Computable, Autotrack en Carsom.nl Hosting door True

Beste nieuwssite en prijsvergelijker van het jaar 2013