Software-update: WinHex 13.6 SR-4

WinHex is niet alleen een universele hex-editor, zoals de naam laat vermoeden, maar is ook in staat om low-level dataprocessing toe te passen via een makkelijke interface. Het programma beschikt onder andere over een RAM-editor, een Data Interpreter en een Disk-editor, en kan dus worden gebruikt om verwijderde informatie terug te halen of om bijvoorbeeld bestanden te inspecteren. De ontwikkelaars van X-Ways Software Technology hebben de vierde service release van WinHex 13.6 uitgebracht met de volgende aanpassingen:

Version 13.6 SR-4:

• Circular bit rotation added as an option in Edit | Modify Data. Allows to decrypt disk images as saved on tapes by legacy computer forensics software.
• More and more hints/warnings when processing files are now attached to these files as report tables associations instead of comments.
• Files copied off an image as part of a report will now be created as read-only, such that they cannot be inadvertently modified when opening them in applications such as MS Word.

Version 13.6 SR-3:

• Generic mailbox files without extension can now be processed.
• Temporary path duplication error in evidence file containers fixed.

Version 13.6 SR-2:

• An error was fixed that prevented generic mailbox files from being processed.
• The ID column did not work in SR-1. This was fixed.

Version 13.6 SR-1:

• When processing large e-mail archives, X-Ways Forensics now remains reponsive, and the operation can be aborted if needed.
• E-mail extracted from e-mail archives in containers will no longer trigger taking a new volume snapshot when re-opening the case.
• .mbox was added as a signature such that generic mailbox files will show "mbox" in the Type column even if they do not have any extension once file type signatures are verified.
• An error was fixed that could prevent e-mail extraction depending on the case path length.

Version 13.6:

• Recursively explored directories are now displayed in turquoise in the directory tree.
• New icons for e-mail messages, for e-mail messages with attachments, and for archives treated like directories.
• Timestamps in e-mail messages are displayed.
• Some fixes and minor improvements.

Version 13.6 beta 2:

• Some fixes.

Version 13.6 beta 1:

• Extracted e-mail messages, e-mail messages with attachments, and e-mail attachments without attachments are now marked as such in the columns Attributes and Description.
• E-mail attachments that are documents like .doc, .xls, .ppt may contain embedded pictures themselves, and such pictures can now be output when refining the volume snapshot.
• That e-mail attachments and embedded files are not only extracted to separate subdirectories, but additionally also embedded directly in the .eml e-mail message files is now optional. The latter takes more time and requires more drive space. It is needed only to be able to directly view pictures embedded in HTML e-mails and to click attachment links in e-mail messages that have been copied to a container.
• By default, OpenOffice documents are now covered by the text decoding option in Logical Search.
• A case can now be deliberately opened as read-only even if it is not password-protected. Useful when opening it twice concurrently, e.g. to avoid losing search results in an ongoing search in one instance of X-Ways Forensics when reviewing files in the same case in another instance. For read-only mode, click the Edit Mode button in the Open Case dialog window.
• Password-protected case files that were saved with the investigator version of X-Ways Forensics can be unlocked with a super-user password if such a password had been specially entered by the administrator. Useful when non-IT investigators forget their passwords.
• A rare error was fixed where containers would associate files with a wrong evidence object.
• Various other improvements and some fixes.

Version 13.6 preview 2:

• E-mail attachments are now both incorporated into the .eml messages and extracted to subdirectories. That way it is easily possible to systematically review/list/search messages and attached files separately (e.g. recursively all PDF documents or JPEG pictures, using dynamic filters) as before, and also click attachment links directly in the .eml files to view the attachments for the currently displayed e-mail message.
• If deleted e-mail messages in e-mail archives are found, they are now listed with the question mark icon.

Version 13.6 preview 1:

• A forensic license now allows to separately list and examine e-mail messages and e-mail attachments in the directory browser, as part of the volume snapshot. The following file formats are supported: Outlook Personal Storage (.pst), Outlook Express (versions 4, 5, and 6, .dbx), Mozilla mailbox (including Netscape and Thunderbird), generic mailbox (mbox, Berkeley mail format, BSD mail format, Unix mail format), Eudora mailbox (.toc and .mbx), PocoMail and Barca mailbox (.idx and .mbx), Opera mailbox (.mbs), Forte Agent mailbox (.idx), The Bat! mailbox (.msb and .tbb), Pegasus mailbox (.pmi, .pmm, and .cnm), Calypso and Courier archive, PMMail message files (.msg), FoxMail mailbox (.box), maildir folders (local copies), MHT Web Archive (.mht), and more. Support for .pst files requires a fully functioning Extended MAPI system (available if a recent version of MS Outlook is installed). Still testing.
• In Preview mode, there is a now a button that allows to change from file format specific to generic text preview mode, which is useful e.g. for e-mail messages if you would like to see the entire e-mail source code.
• Filling very large containers (with many hundred thousands of files) is now faster.
• Option to invert the selection in the directory browser with a command in the context menu.
• Various minor improvements.