
Comments: 1, views: 2,961
Source: X-Ways Software Technology

X-Ways Software Technology has released version 16.6 of WinHex. WinHex is not only a universal hex editor, but is also capable of low-level data processing through an easy-to-use interface. The program includes, among other things, a RAM editor, a data interpreter and a disk editor, and can be used, for example, to recover deleted information or to inspect files. WinHex runs on all Windows versions from Windows 2000 onward and is available in several editions, with prices starting at about forty euros. The following changes and improvements have been made in this release:

What's new?
  • Support for the XFS file system. Requires a forensic license.
  • Ability to add a single file in a directory to the case using the File | Add File command in the Case Data window or via drag & drop to the Case Data window. If you wish to add more than 1 file from the same directory, continue to add the whole directory, just hide or remove those files that are irrelevant. This new kind of evidence object is backward compatible with v16.4 and v16.5. That means if you add a single file to the case, you can also work it in those older versions as well!
  • .e01 evidence files with larger chunk sizes supported.
  • Ability to use the registry viewer during ongoing other operations such as simultaneous searches and volume snapshot refinement.
  • The progress indicator window now displays filenames in the same color in which they are displayed in the directory browser, as described in the legend.
  • When indexing multiple evidence objects in a single step, those that are opened automatically by X-Ways Forensics for indexing will now be automatically closed again when indexing has completed for them (and the same again for optimization), so that the screen is not cluttered with data windows and not all volume snapshots need to be loaded at the same time, which can consume a lot of memory if they contain many millions of files.
  • The contents of JAR archives are now included in volume snapshots only optionally. These archives usually contain many, many irrelevant files and are often deeply nested.
  • Further improved stability when parsing corrupted $UsnJrnl:$J.
  • Exchange EDB extraction further improved.
  • For the Export List command all control codes
  • Unlimited path substring lengths in the Path filter.
  • Deals more gracefully with temporary dongle connection problems. Automatically resumes normal operation once the connection is re-established without user interaction. Useful for example if the dongle is attached to a dongle server when the network connection temporarily does not work.
  • XFS file system support further completed. Now traces of deleted files can be found. (In future releases only when running the particularly thorough file system data structure search.)
  • Avoids duplicate search hits when searching unnecessarily in multiple code pages that are essentially equivalent for all or some of the search terms used. For example, many users seem to select both Latin-1 and UTF-8 even when searching for English language words only.
  • Certain HTML e-mails extracted from PST/EDB are now more clearly marked as HTML format which in some cases helps to view them properly.
  • Reliability of Exchange EDB processing further improved.
  • Options | Volume Snapshot | [x] "NTFS: Search FILE records everywhere" is now one of the infamous three-state checkboxes. If fully checked, FILE records are searched as part of the particularly thorough file system data structure search everywhere in an NTFS partition, if half checked (default setting) only in volume shadow copy host files.
  • If the particularly thorough file system data structure search in an NTFS volume is aborted, X-Ways Forensics now remembers which volume shadow copies (if any) have been processed already and will skip those when you run this operation again.
  • When extracting received e-mails from e-mail archives with no Delivery-Date: line in the header, X-Ways Forensics now takes the modification date from the end of the first Received: line.
  • The paths for cases, images, temporary files, and the hash database may now be relative to the directory from where X-Ways Forensics is executed, e.g. like .\Cases and .\Temp. Useful as a configuration that you take on site to preview live systems so that all files will be created on your own external drive, yet in separate directories.
  • That the slack of files that are omitted from logical searches is still searched is now optional. If the box for "Open and search files incl. slack" is fully checked, this option still has priority over all the options that can cause files to be omitted from the search, but not any more if only half checked.
  • XFS file system support slightly revised.
  • Revised representation of wtmp/utmp/btmp log-in records.
  • Supports high-precision timestamps and creation timestamps in Ext4 file systems, where available.
  • XFS support further revised.
  • Now supports relative paths in Options | General starting with .. (the parent directory of the directory from where X-Ways Forensics is executed), not only . (the directory from where X-Ways Forensics is executed).
  • Ability to extract all kinds of files from Safari cache.db browser cache files when refining the volume snapshot.
  • Fixed a rare heap corruption error that was caused by a certain kind of GIF files.
  • Ability to verify multiple selected images in a case in a single operation, i.e. compute their hash values and automatically compare them to already known hash values, if any. You can find the menu command in the context menu of the case (i.e. the context menu that appears when right-clicking the case title where it is printed in bold letters).
  • External viewer programs can now be specified with a relative path, too (one that starts with .\ or ..\).
  • The Tools | Analyze ... command did not work in the 64-bit edition before. That was fixed.
  • Ability to define search hits manually. Whenever you come across some relevant text, for example floating around in free space in Disk/Partition/Volume mode or within a certain file in File mode, you can select it as a block and right-click the block to add it as a so-called user search hit (i.e. some kind of search hit not found by the program). You can assign the search hit to an arbitrarily named search term/category. For example, if what you have found is related to suspect A, assign it as a search hit to a search term named after suspect A. If also related to suspect B, you can also assign it to another search term. You could also assign it to a real search term that you have used for an automatic search.
    User search hits can be conveniently listed in and nicely exported from search hit lists just like ordinary (automatically generated) search hits. You can specify the correct code page for user search hits yourself when you define them, which may be essential to get the text displayed correctly. User search hits are stored related to an object in the volume snapshot if you define them in File mode. User search hits are forward compatible, i.e. older versions (v16.2 and later) can also see user search hits created by v16.6.
  • Search hits may now have a theoretical maximum length of 65,535 bytes and are no longer truncated after 255 bytes.
  • The maximum amount of context that can be included when exporting search hits was increased from 340 bytes to 1000 bytes, and can now be specified separately for context that precedes and context that follows the search hit, even 0 for one or the other. The latter is useful especially for technical searches (not keyword searches), where you have searched for example for a signature that indicates the start of a certain data record, where the data before the hit is irrelevant.
  • Ability to execute X-Tensions in X-Ways Forensics directly from the main menu (Extra | Run X-Tensions). Useful for X-Tensions that don't interact with the volume snapshot or search hits of any particular volume, but for example create or otherwise manage evidence objects themselves. The nOpType parameter in the XT_Prepare function is XT_ACTION_RUN when executed that way. (http://www.x-ways.net/forensics/x-tensions/api.html)
  • Ability to create a second copy of an image immediately when imaging a disk, which is much quicker than copying the image file later and makes sense if the 2nd copy is created on a different drive. Only the first copy will be automatically verified if desired. File spanning (i.e. when to start another image file segment) is kept in sync between both copies even when running out of space on one of the two target drives only.
  • Deals more gracefully with the situation when the connection to the dongle is lost because the computer has been put in hibernation or on standby.
  • Ability to center full window picture views (not using the viewer component) on a 2nd monitor if you are operating Windows with a desktop that spans two monitors.
  • Two new columns in the directory browser are now available with a forensic license: "Parent name" and "Child objects". Both columns come with filters. The filter for child objects allows you for example to quickly find all e-mails that have an attachment with a certain name. The filter for parent name for example allows you to quickly find all attachments that were attached to e-mails with a subject that contains certain words. Note that filters for the columns Name, Parent name, and Child objects share the same settings and are mutually exclusive (cannot be active at the same time, one will deactivate the other).
  • Revised support for word boundary anchors (\b) and whole word searches in the Simultaneous Search. (forensic license only) You can now define which characters should be considered parts of a word. This is useful to avoid false hits for short words in binary garbage data or Base64 code and generally for users that consider numbers to be parts of words (such as in "GIF89"). Example: An undesirable hit for "band" in "7HZsIF9BaND4TpkSbSBS" can be prevented if you search for it as a whole word and if you additionally redefine the alphabet of word characters to include digits 0-9, so that the positions between "9" and "B" as well as between "D" and "4" are not considered word boundaries.
  • New option in Options | Viewer Programs that allows you to automatically close the preview picture viewer window when a new picture is viewed (only when the internal graphics viewing library is used for pictures, not the viewer component).
  • Refresh error fixed in templates with the "multiple" option.
  • Notices in the Messages window when files are not included in a container of the new format again because of duplication.
  • No longer prevents duplication in evidence file containers of the new format for the same object in the same file system if the origin is a different evidence object or if a new volume snapshot has been taken (e.g. because of changes in the evidence object). The messages about avoided duplications are no longer output.
  • Improved attachment name decoding for extraction from DBX and MBOX.
  • Fixed Export List command for user search hits.
  • Fixed an exception error that could occur when running a file header signature search.
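
The whole-word example from the changelog ("band" inside "7HZsIF9BaND4TpkSbSBS") can be reproduced with a few lines of Python. This is an added illustration, not X-Ways code; the function name, the two alphabets and the case-insensitive matching are assumptions made for the sketch.

```python
import string

# Byte values that count as "word characters" (assumed alphabets for this sketch).
LETTERS = frozenset(string.ascii_letters.encode("ascii"))
LETTERS_AND_DIGITS = LETTERS | frozenset(string.digits.encode("ascii"))

# The Base64-like string quoted in the changelog, plus a constructed text sample.
BASE64_NOISE = b"7HZsIF9BaND4TpkSbSBS"
PLAIN_TEXT = b"The band played on."


def whole_word_hits(data: bytes, term: bytes, word_chars=LETTERS):
    """Return offsets of case-insensitive hits for `term` that are whole words.

    A hit is a whole word when the byte before it and the byte after it are
    either outside the buffer or not members of `word_chars`.
    """
    hay, needle = data.lower(), term.lower()  # ASCII-only lowercasing, same length
    hits = []
    pos = hay.find(needle)
    while pos != -1:
        end = pos + len(needle)
        boundary_before = pos == 0 or data[pos - 1] not in word_chars
        boundary_after = end == len(data) or data[end] not in word_chars
        if boundary_before and boundary_after:
            hits.append(pos)
        pos = hay.find(needle, pos + 1)
    return hits


if __name__ == "__main__":
    # Letters-only alphabet: "9" and "4" act as boundaries, so the noise matches.
    print(whole_word_hits(BASE64_NOISE, b"band", LETTERS))
    # Digits added to the alphabet: the false hit disappears.
    print(whole_word_hits(BASE64_NOISE, b"band", LETTERS_AND_DIGITS))
    # A genuine whole-word occurrence survives either alphabet.
    print(whole_word_hits(PLAIN_TEXT, b"band", LETTERS_AND_DIGITS))
```
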
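
The Delivery-Date fallback described in the changelog (taking the date from the end of the first Received: line) can be sketched with Python's standard email package. This is an added example, not X-Ways code; the function name and the sample message are constructed for illustration.

```python
from email import message_from_string
from email.utils import parsedate_to_datetime

# Constructed sample message without a Delivery-Date: header.
SAMPLE = (
    "Received: from mx.example.org by mail.example.net with ESMTP id A1;\n"
    "\tTue, 3 Apr 2012 10:15:30 +0200\n"
    "Received: from client.example.org by mx.example.org with SMTP id B2;\n"
    "\tTue, 3 Apr 2012 10:15:12 +0200\n"
    "From: alice@example.org\n"
    "Subject: constructed sample\n"
    "\n"
    "body\n"
)


def delivery_timestamp(raw_message: str):
    """Return (datetime, source_header) for a received message.

    Prefers Delivery-Date:. If it is absent, uses the date that follows the
    last ';' of the first (topmost) Received: line. Returns (None, None)
    when neither header yields a parseable date.
    """
    msg = message_from_string(raw_message)
    value, source = msg.get("Delivery-Date"), "Delivery-Date"
    if value is None:
        received = msg.get_all("Received") or []
        if not received:
            return None, None
        _, sep, value = received[0].rpartition(";")
        if not sep:  # Received: line carries no date part
            return None, None
        source = "Received"
    try:
        # Collapse header folding (newline + tab) before parsing the date.
        return parsedate_to_datetime(" ".join(value.split())), source
    except (TypeError, ValueError):
        return None, None


if __name__ == "__main__":
    stamp, origin = delivery_timestamp(SAMPLE)
    print(origin, stamp.isoformat())
```

Recording which header supplied the timestamp matters in a report, because a Received: date reflects the clock of the relay that wrote it.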


Version number: 16.6
Release status: Final
Operating systems: Windows Server 2008, Windows Vista, Windows Server 2003, Windows XP, Windows 2000, Windows 7
Website: X-Ways Software Technology
Download: http://www.winhex.com/winhex.zip
File size: 1.71 MB
License type: Shareware

Comments (1)

I have been using this program for a few years now and it really is the best hex/disk editor available
