Source: X-Ways Software Technology

X-Ways Software Technology released version 15.2 of WinHex earlier this month. WinHex is not only a universal hex editor, but can also perform low-level data processing through an easy interface. The program includes, among other things, a RAM editor, a data interpreter and a disk editor, and can be used, for example, to recover deleted information and to inspect files. WinHex runs on all Windows versions from 98 onward with the exception of NT, but the complete set of features can only be fully used on Windows 2000 and higher. Below is what has changed in the program since version 15.1:

What's new?
  • If more than 1 GB of main memory is available, the optimization of an index now better utilizes that memory, which may result in a tremendous acceleration of this step for large indexes.
  • There are now two different checkboxes in the Index Search window. Checking the first one helps finding words within words (e.g. "wife" in "housewife", incomplete and slow if the index was not prepared for substring searches). The second one makes it optional to find word extensions (e.g. "houses" when searching for "house" and "skyscraper" when searching for "sky"). Finding word extensions was default behavior in previous versions. Unchecking both options works like a "whole words only" option.
  • It is now possible to replace an evidence object with a new medium (drive letter or physical disk). Useful if you are working with original disks, not images, and the drive letter or disk number has changed.
  • The graphics library was updated. Some issues with the display of pictures were fixed.
  • It is now possible to group existing and deleted files in different output directories when using the Recover/Copy command. Requires that you have X-Ways Forensics recreate the original path.
  • Ability to recreate files whose original paths contain directory names with trailing spaces, although not allowed by Windows, by removing such spaces.
  • It is now possible to mark files as hidden even in a search hit list. Such files will actually be filtered out if you do not list hidden items when you click the Enter button in the search term list window to recompile the search hit list.
  • When adding a file to a report table, it is now also possible to recursively add all its child objects to the same report table, not only direct children.
  • Ability to view Unix/Linux wtmp and utmp log-in records.
  • Recognizes the TFAT file system as such.
  • When enabling the recommendable data reduction for logical searches, files marked as moved/renamed will not be searched any more, as the same data is searched when the same file is searched in its new location/under its new name.
  • Can import SHA-1 hashes from .e01 evidence files as now optionally provided by EnCase 6.12. (Note that in X-Ways Forensics you were never forced to use MD5).
  • Naming problem solved for e-mail messages that were extracted from .msg files that were attached to the volume snapshot as virtual files.
  • It is now possible to view/search/dump physical RAM on remote computers through F-Response 2.x (works in conjunction with X-Ways Forensics since v15.1 SR-5).
  • Several minor improvements.
  • Main memory analysis. Processes will be listed in the directory browser, with their timestamps and process IDs, and their own respective memory address spaces can be individually viewed in "Process" mode, with pages concatenated in correct logical order as seen by each process. The "particularly thorough data structure search" will take a little longer and may turn up traces of additional processes including rootkits. Works for memory dumps from many, but not all Windows versions and service packs. Currently requires that the name of the file with the memory dump contains the word "RAM" or "dump", for it to be detected as a memory dump.
  • For internally reconstructed RAIDs, the number of the component disk from which the current sector (where the cursor is in) was read is now displayed in the Details Panel, along with the relative number that that sector has on that component disk.
  • For reasons of convenience, WinHex and X-Ways Forensics now remember and restore the last selected item and other settings of the directory browser when reopening data windows and evidence objects.
  • Hash sets can now be classified as to how important they are. This is useful because when matching hash values against the hash database, only one match is returned even if the same hash value is contained in multiple hash sets. Now you can make sure that in such a case you get the most important hash set returned, for example a hash set that identifies CP pictures without any doubt as opposed to hash sets that may contain the hash values of doubtful pictures. Also new: If there is more than one match, a "+" sign will be displayed in the hash set column in the directory browser after the name of one of the matching hash sets.
  • Hash set names may now contain Unicode characters.
  • Some special information for memory dumps (if they are recognized as such, see above) is now available in Technical Details Reports.
  • Now shows attachments as child objects of e-mail messages instead of in a virtual "Attach" folder in some cases where this previously did not happen.
  • Evidence file containers created by v15.2 Beta 3 and later can now also transport the hash category of a file and the skin color percentage.
  • Icons of hidden files are now displayed in gray instead of blue. Icons of notable files are now displayed in red instead of blue.
  • RAM analysis now also works for local physical RAM opened via Tools | Open RAM, not only for memory dumps.
  • An error with the new hash database algorithm in Beta 2 was fixed.
  • An error in the "Totally remove hidden items" function was fixed that existed since v14.8.
  • Support for mode 1 ISO CD images with 2,352 bytes per sector, if not spanned (segmented).
  • Minor improvements and fixes for the new memory analysis feature.
  • It is now possible to attach all the files of an entire directory to the volume snapshot, not just individual files, if you hold the Ctrl key while invoking the directory browser menu command. Useful for example after having extracted thousands of .msg files from a .pst or .ost e-mail archive using the viewer component, to integrate them back into X-Ways Forensics for further processing.
  • When identifying and hiding duplicate files, previously it was possible that duplicate e-mails with attachments (e-mail/attachment pairs) were separated if the parent (e-mail message) of one pair and the child (attachment) of another pair was hidden. The algorithm was improved and this undesirable situation is now avoided.
  • Evidence file containers created by v15.2 Beta 3 should only be used in the same version or in earlier versions. Future versions might misinterpret them. The layout of the new fields is now finalized.
  • The "Save As" command is now also available for disks (yet another way how to create a raw image).
  • Avoids exception errors with certain corrupt .gif files.
  • Memory analysis further improved.
  • Identical e-mail messages with different attachments (child objects) will be marked as duplicates, but not hidden. Identical attachments (child objects) will be marked as duplicates, but they will be hidden only indirectly if they are part of identical e-mail messages and those are hidden, too. This facilitates the examination and also avoids a situation where the parent (e-mail message) of one e-mail+attachment family and the child object (attachment) of another family is hidden.
  • The downloadable PDF user manual has been updated.
  • Fixed an exception error of type 216 at offset 00550348 that could occur when taking volume snapshots.
  • Fixed an exception error that could occur in rare cases when optimizing an index.
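
The duplicate-handling rule for e-mail/attachment families described in the list above can be sketched as follows. This is an added example, not X-Ways code and not its actual algorithm; the class names, function names and digest strings are constructed for illustration.

```python
from dataclasses import dataclass, field

@dataclass
class Item:
    name: str
    digest: str              # constructed placeholder, stands in for a real hash
    duplicate: bool = False
    hidden: bool = False

@dataclass
class Family:
    message: Item
    attachments: list = field(default_factory=list)

def mark_duplicates(families):
    """Mark duplicate items; hide only families that are identical as a whole."""
    seen_msgs, seen_atts, seen_fams = set(), set(), set()
    for fam in families:
        # A family is identified by its message hash plus all attachment hashes.
        signature = (fam.message.digest,
                     tuple(sorted(a.digest for a in fam.attachments)))
        whole_dup = signature in seen_fams
        if fam.message.digest in seen_msgs:
            fam.message.duplicate = True
            fam.message.hidden = whole_dup      # same text, other attachments: keep visible
        for att in fam.attachments:
            if att.digest in seen_atts:
                att.duplicate = True
                att.hidden = whole_dup          # hidden only together with its parent
            seen_atts.add(att.digest)
        seen_msgs.add(fam.message.digest)
        seen_fams.add(signature)
    return families

def family_is_split(fam):
    """True if parent and child visibility disagree (the situation to avoid)."""
    return any(a.hidden != fam.message.hidden for a in fam.attachments)

def build_sample():
    # Constructed sample: four e-mail families sharing messages and attachments.
    return [
        Family(Item("mail1.eml", "m1"), [Item("report.pdf", "a1")]),
        Family(Item("mail1-copy.eml", "m1"), [Item("report.pdf", "a1")]),
        Family(Item("mail1-fwd.eml", "m1"), [Item("notes.txt", "a2")]),
        Family(Item("mail2.eml", "m2"), [Item("report.pdf", "a1")]),
    ]

if __name__ == "__main__":
    for fam in mark_duplicates(build_sample()):
        for item in [fam.message, *fam.attachments]:
            print(f"{item.name:16} duplicate={item.duplicate} hidden={item.hidden}")
```

Only the second family is hidden, and it is hidden as a whole, so no message is ever left visible without its attachment or the reverse.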


Version number: 15.2
Release status: Final
Operating systems: Windows NT, Windows 2000, Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008
Website: X-Ways Software Technology
Download: http://www.winhex.com/winhex.zip
File size: 1.39MB
License type: Shareware

Comments (1)

"What's new? "
Heavens, what a story - those guys really know how to work, this is super TOP!
