Source: X-Ways Software Technology

X-Ways Software Technology has released version 15.7 of WinHex. WinHex is not only a universal hex editor, but can also perform low-level data processing through an easy-to-use interface. The program includes, among other things, a RAM editor, a data interpreter and a disk editor, and can be used, for example, to recover deleted information or to inspect files. WinHex runs on all Windows versions from Windows 2000 onward and is available in four different editions, with prices starting at forty euros. This release contains the following changes and improvements:

What's new?
  • Support for the exFAT file system. (requires a specialist license or higher)
  • Ability to interpret dynamic Virtual PC VHD images. (requires a specialist license or higher) Such images can also be edited (in WinHex, not X-Ways Forensics), but not expanded.
  • Ability to interpret .e01 evidence files with an internal chunk size of up to 256 KB (previously up to 128 KB). Useful for example for memory dumps created by other software.
  • Old versions of files that are found as part of the thorough file system data structure search in volume shadow copies are now marked as (SC) in the Attribute column and can be filtered. The old contents of old versions of large files will be correctly represented in a future release. The file system level metadata of old versions and the contents of small files are already usually correctly represented.
  • Old names/paths of renamed/moved files in NTFS as discovered by the thorough file system data structure search are now by default no longer listed as additional items in the volume snapshot and in the directory browser. Instead, they are mentioned as comments that are attached to the renamed/moved files. This keeps directory browser listings smaller and makes searches quicker than before.
  • The Simultaneous Search now supports case-insensitive searches generally, not just for English and German letters.
  • GREP expressions may now contain true Unicode characters, and it is now possible to search in specific code pages when using GREP syntax.
  • The most important MS Office 2007/2010 and OpenOffice 2/3 document types are now by default decoded for the logical search, and (in conjunction with the recommended data reduction) their main XML files are omitted from the search. That ensures that you get search hits in the documents and not in the XML files, which is more convenient, and that you don't get them twice unnecessarily. The other XML files, which may contain important metadata, are still searched (provided that you have included the contents of archives in the volume snapshot).
  • Metadata extraction improved for Windows 7 .lnk files.
  • Catalogs of JumpList files are now output in Details mode.
  • Ability to recursively delete directory with subdirectories that cannot be deleted with Windows Explorer or other Windows tools and commands because of illegal characters, via Tools | File Tools | Delete recursively.
  • Improved behavior when encountering already running instances. A new middle state allows to decide on a case-by-case basis whether to start another instance.
  • There is now an option to filter by internal ID. Useful for example and very easy to use if you would like to focus on the x files that were added to the volume snapshot last or if you would like to resume a logical search with internal ID y (and filter out files that have already been searched).
  • Introduced an interface that allows copying files of a certain category from selected evidence objects to a user-defined output directory for analysis by a certain external program. The external program can then identify relevant files or classify files. The result can be imported back into the case and will be shown as report table associations, by which you can filter or create reports. The interface works at the case level and requires a forensic license or X-Ways Investigator.
  • Through this interface, using the upcoming professional version of the software DoublePics (www.dotnetfabrik.de) and a database of pictures from previous cases as often maintained by law enforcement agencies that have to deal with child pornography cases, it is possible to conveniently and automatically categorize pictures in new cases that are known already, as relevant or irrelevant or "gray area" or whatever. Known pictures can be recognized even if they are stored in a different file format, resized, if the colors or the quality are different or they have been edited, thanks to fuzzy logic and adjustable sensitivity and tolerance.
  • When using the non-MAPI method to extract e-mails from PST/OST archives, HTML e-mails are now also usually represented in .eml format (except for outgoing/sent messages). Additionally, a clickable link to the attachments is now included in Preview mode (except for outgoing/sent messages, and not guaranteed to work if attachments have non-English names).
  • Fixed an exception error that could occur when taking a volume snapshot.
  • Previous limitations for writing sectors in partitioned areas under Windows Vista/7 have been practically removed. In 99% of all cases it is now possible to write sectors in these Windows versions.
  • The Sender/Recipient columns were swapped. This was fixed.
  • Fixed two errors that could interrupt taking a volume snapshot.


Version number: 15.7
Release status: Final
Operating systems: Windows 7, Windows 2000, Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008
Website: X-Ways Software Technology
Download: http://www.winhex.com/winhex.zip
File size: 1.51 MB
License type: Shareware

Comments (1)

This is a forensic hex editor in which collecting and recovering data is central.
I personally find this piece of software very handy for finding images that have been deleted, and it finds much more than many a recovery program.
Far better than, e.g., Recover My Files.

It is also possible to recover RAID arrays and edit boot sectors.

I recommend trying the trial; after that you will always want to have it with you on a USB stick!
