Cookies op Tweakers

Tweakers maakt gebruik van cookies, onder andere om de website te analyseren, het gebruiksgemak te vergroten en advertenties te tonen. Door gebruik te maken van deze website, of door op 'Ga verder' te klikken, geef je toestemming voor het gebruik van cookies. Wil je meer informatie over cookies en hoe ze worden gebruikt, bekijk dan ons cookiebeleid.

Meer informatie

Door , , 1 reactie
Bron: X-Ways Software Technology

WinHex logo (60 pix)X-Ways Software Technology heeft maandag versie 15.3 van WinHex uitgebracht. WinHex is niet alleen een universele hexeditor, maar is ook in staat om low-level dataprocessing toe te passen via een makkelijke interface. Het programma beschikt onder meer over een ram-editor, een data-interpreter en een disk-editor, en kan bijvoorbeeld worden gebruikt om verwijderde informatie terug te halen en om bestanden te inspecteren. WinHex werkt op alle Windows-versies vanaf Windows 2000 en is verkrijgbaar in vier verschillende versies. Hieronder is te vinden wat er sinds versie 15.2 in het programma veranderd is:

What's new?
  • The index optimization step was reworked. It can now utilize an unlimited and user-defined number of processor cores simultaneously and a user-defined amount of main memory, for faster and more thorough optimization.
  • Improved memory handling for search hits. No additional memory requirement for search hits any more when loading or saving the case. Memory for search hits is now needed only when the evidence object is open (same as before already with memory for volume snapshots). The limitation of the number of search hits in one evidence object by main memory was slightly increased (now several ten million search hits possible). Search hits saved by v15.3 cannot be loaded by older versions any more.
  • Decoding the text in PDF, HTML, and various other documents for the logical search and for indexing can no longer cause the program to freeze or crash if the viewer component has problems processing the file e.g. because the file is corrupt.
  • When attempting to view or preview a file with the viewer component that is a known to be a reason for crashes, you are asked whether you are really sure you would like to view the file.
  • Detects if hash database is in use to avoid conflicts when updating it.
  • When you add an excerpt from a file to the volume snapshot as a virtual file (select a block in File mode and use the Edit menu for that), the resulting file is now marked as "excerpt" in the Attr. column and is filterable like this.
  • zip.exe was updated with a version that supports larger .zip files. That program is used for archiving cases.
  • In main memory (local live main memory or memory dumps), Windows kernel data structures and named objects are now conveniently listed in a tree in the volume snapshot. Other objects will be listed per process in the handle table.
  • Three additional data types have been added to the Data Interpreter: SID (security identifiers), IP addresses, and packed 7-bit ASCII strings. IP addresses are also available in templates, and the variable type is called "IP".
  • Three additional hash types have been added: RipeMD-128, RipeMD-160, and MD4. Support for MD4 has been added because that hash type is in use e.g. in aMule.
  • The integrity test of the hash database can now be aborted.
  • The case report can now optionally be split into multiple HTML files if too many pictures are to be included (like hundreds or thousands) that give Internet browsers or other programs headache when loading the HTML file.
  • New index optimization further improved.
  • Improved compatibility with .e01 evidence files as produced by EnCase 6.13.
  • Avoided "... is not a valid character" error message in inappropriate situations.
  • Supports overlong paths (up to about 510 characters) when taking a volume snapshot of a network drive.
  • Clickable links to attachments in e-mails in Preview mode now work in some very rare cases where they previously didn't.
  • When opening main memory, loaded modules are now listed, in a virtual directory named "Modules". That enables X-Ways Forensics to allocate the memory pages in RAM mode that they occupy to them, and to compute hashes for them so that they can be identified via special hash sets.
  • Memory analysis more robust.
  • It is now possible to output the report for selected evidence objects only, not simply for all evidence objects, via an additional checkbox in the report options dialog. (forensic license only)
  • A new filter has been introduced that allows to focus on files that have been already or have not been viewed yet by the examiner. See Directory Browser Options. (forensic license only)
  • Some options from the Security Options and the Directory Browser Options that affect the creation of volume snapshots have been moved to a separate dialog box that you can access via a button in the Directory Browser Options.
  • A new volume snapshot option is now available that causes deleted partitions to pass on their deleted state to everything that they contain (files, directories, ...), and deleted e-mail archives to pass on their deleted state to all the e-mails, directories and attachments that they contain. This may seem logical, but results in a loss of information (*everything* is listed as deleted). By default, X-Ways Forensics still distinguishes between existing and deleted files and e-mails etc. even in deleted partitions/deleted e-mail archives, as in earlier versions, so that more information is retained.
  • Via two other new volume snapshot options you can indicate whether you are interested in earlier names and locations of renamed/moved files in NTFS and whether you are interested in getting files listed for which only filename, size, timestamps and attributes (but no data) are known. By default, such files are listed, as in earlier versions. (specialist or forensic license only)
  • ed2k hash values can now be computed for files in the volume snapshot. This hash type is used in file sharing programs. (specialist or forensic license only)
  • The menu items for simultaneous search and the index searches have been moved to the top of the menu (for license types in which they are available), since they are the most important ones in the Search menu.
  • Fixed an error that in some situation occurred when processing certain thumbs.db files.

WinHex screenshot

Versienummer:15.3
Releasestatus:Final
Besturingssystemen:Windows 2000, Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008
Website:X-Ways Software Technology
Download:http://www.winhex.com/winhex.zip
Bestandsgrootte:1,38MB
Licentietype:Shareware
Moderatie-faq Wijzig weergave

Reacties (1)

Dit is een van de krachtigste hex-editors die ik ken.
Je kunt er meer files mee restoren dan met welke recovery tool dan ook, en het is een geweldig data-forensisch programma.

Ook kun je er raid-arrays mee repareren en data terughalen.

Als je even in de huid wilt kruipen van data-recovery bedrijven, wilt weten of er nog oude foto's op je geheugenkaartjes staan, etc. dan is dit je tool!

Op dit item kan niet meer gereageerd worden.



Apple iOS 10 Google Pixel Apple iPhone 7 Sony PlayStation VR AMD Radeon RX 480 4GB Battlefield 1 Google Android Nougat Watch Dogs 2

© 1998 - 2016 de Persgroep Online Services B.V. Tweakers vormt samen met o.a. Autotrack en Carsom.nl de Persgroep Online Services B.V. Hosting door True