Source: X-Ways Software Technology

WinHex is not only a universal hex editor, as its name suggests, but can also perform low-level data processing through an easy-to-use interface. The program includes, among other things, a RAM editor, a Data Interpreter and a disk editor, and can therefore be used to recover deleted information or to inspect files. The developers at X-Ways Software Technology have released the fourth service release of WinHex 13.7 with the following changes:

Version 13.7:
  • On Chinese Windows systems, X-Ways Forensics can now be run with a Chinese user interface if support for East Asian languages is installed in Windows. (The translation is not 100% complete.)
  • Ability to search for non Latin-1/Western European language characters (e.g. Cyrillic, Arabic, Greek, Chinese, ...) in an explicitly specifiable code page, in addition to 16-bit Unicode, with the physical & logical simultaneous search.
  • Ability to export search hit offsets and search hits from search hit lists. Ability to export the hits with context previews of an arbitrary length (up to 240 bytes in total). Available for search hits in both ASCII and Unicode, for both ASCII and Unicode output text files.
  • An additional sortable column for search hit lists was introduced that describes for each search hit whether it is a Unicode or a codepage search hit, whether it references the decoded version of a file, and whether the search hit is in a file's slack (only for search hits gathered with v13.7 and later). The latter makes it possible to systematically copy the file slack off an image with the Recover/Copy command for all search hits that are not located in the logical part of a file.
  • Ability to save index search hits permanently, without marking them as notable, under a dedicated search term item in the search term list.
  • Search terms for index searches are now logged.
  • It is now possible to start indexing for all evidence objects from the case root window. The optional optimization step is now executed only after all evidence objects have been indexed.
  • In certain scenarios with repartitioned or reformatted NTFS volumes, previously existing files could cause an infinite loop during indexing. This was fixed. (since v13.6 SR-7.)
  • The gallery is now considerably faster. Loading large pictures for preview or full window view is faster, too.
  • The check for skin colors and black-and-white pictures is now faster and more stable when dealing with corrupt pictures. The computed skin color percentages may differ slightly when compared to earlier versions of X-Ways Forensics.
  • The "1st cluster" column was replaced with a "1st sector" column. This allows WinHex/X-Ways Forensics 1) to make better targeted jumps to resident files on NTFS volumes, 2) to display this information for fictitious files in special file system areas, and 3) to more successfully prevent duplicate files found by header signature (e.g. if run repeatedly) if they start at mere sector, not cluster boundaries. Also this allows the user to tell more easily which files are affected by bad sectors (after converting number ranges of bad sectors on physical disks to logical sector numbers on the partition). The improved precision for files that do not start at cluster boundaries is available only for newly taken volume snapshots.
  • "File Recovery by Name" is no longer available. The more flexible substitute is to recover files selectively from the directory browser, with the Recover/Copy command. To achieve the same effect as with "File Recovery by Name", explore the root directory recursively, optionally activate a filter like the filename filter, and then select all. Unlike "File Recovery by Name", this works with all supported file systems, and all filters are available, not just a filename filter. The ability to explore directories or an entire volume recursively is available to owners of personal and professional licenses for the first time now.
  • The selection statistics (amount of data in KB/MB/GB) and the logical search progress indicator now take into account that files do not necessarily have any data attached to them (where metadata is known only), even if their nominal file size suggests that. This helps to avoid confusion that could arise in earlier versions if the amount of data copied or searched was less than expected. Also such files are now copied/opened with a size of 0 bytes instead of not opened/copied at all.
  • There is now a progress indicator for the Recover/Copy command and for filling evidence file containers with selected files.
  • When copying files off an evidence object and the output path is too long, the omitted files are now added to a dedicated report table so that they can easily be addressed separately later, e.g. copied again without path.
  • Reduced the amount of output to the messages window when refining the volume snapshot. More and more hints/warnings are now attached to these files as report tables associations instead of comments.
  • Better compatibility with unusual sector sizes on fixed media.
  • Circular bit rotation added as an option in Edit | Modify Data. Allows decrypting disk images as saved on tapes by certain legacy computer forensics software.
  • Ability to manually shorten the path that can be optionally output as a header when printing documents, by holding the Shift key when sending the print job. Useful as the viewer component always truncates very long paths at the end, which may not be desirable.
  • The name of the evidence object is now part of the path when printing files with the viewer component and printing the path as the header. (since v13.6 SR-6)
  • Separate icon for deleted e-mail messages with attachments. (since v13.6 SR-7)
  • Windows installation dates as recorded in the registry of Windows 95/98/Me are no longer incorrectly converted when creating the registry report. (since v13.6 SR-7)
  • An error was fixed that under certain circumstances (many report table associations) caused an exception when saving the case. (since v13.6 SR-7)
  • Deals more gracefully with garbage .gz files found through signature search.
  • Often there are now more descriptive error messages when e-mail archives cannot be processed (because they are corrupt, unsupported format etc.). (since v13.6 SR-5)
  • An error was fixed that could prevent e-mail extraction depending on the case path length. (since v13.6 SR-1) Fixed an exception error that could occur when extracting e-mail messages. (since v13.6 SR-5)
  • Ability to specify how cooperative X-Ways Forensics behaves during operations that involve a progress indicator window (e.g. hashing, searching) when competing with other processes for CPU time, by pressing Shift+Ctrl+F5. 0 is the default setting (not specially cooperative). You may try values like 10, 25, 50, or 100 (maximum willingness to share CPU time) e.g. if X-Ways Forensics is executed simultaneously by different users on the same server, for a fairer distribution of CPU time. (since v13.6 SR-5)
  • Fixed an error that prevented correct relative paths of linked files when saving the HTML report in a directory other than the preselected one. (since v13.6 SR-5)
  • Fixed an error in the script command GetUserInput. (since v13.6 SR-5)
  • Ability to click attachment links in extracted e-mail messages in containers even if attachments were not embedded in the .eml files. (since v13.6 SR-6) As the main reason to directly embed attachments therefore no longer exists, it is recommended not to use that option any more, considering its downsides (more time and drive space needed for extraction and especially for indexing).
  • Now 64 instead of 32 report tables supported in a case. (since v13.6 SR-6)
  • An error was fixed that occurred when hiding duplicates based on hash values in the case root. (since v13.6 SR-6)
  • In newly created volume snapshots, fictitious e-mail subdirectories now get a name different from the e-mail archive file to avoid name conflicts when copying files off an image. (since v13.6 SR-7)
  • Several other minor improvements and fixes.
Version number: 13.7
Operating systems: Windows NT, Windows 2000, Windows XP, Windows Server 2003
Website: X-Ways Software Technology
Download: http://www.x-ways.net/winhex.zip
File size: 1.16 MB
License type: Shareware

Comments (1)

Good program for working in hex.

It's just a pity that you have few options in the free version.
