Software-update: WinHex 11.9

X-Ways heeft WinHex een update gegeven naar versie 11.9. WinHex is een universele hex-editor waarmee je in staat bent om low-level dataprocessing toe te passen via een makkelijke interface. Het beschikt onder andere over een RAM-editor, een Data Interpreter en een Disk-editor. Het changelog van deze release ziet er als volgt uit:

What's new?

• WinHex now allows logical search operations in files and folders that are selected in the directory browser, even if a partition is available e.g. as an image file only and not mounted as a logical drive letter in Windows. The Parallel Search command for this can be found in the directory browser's context menu. (specialist or forensic license only).
  Advantages and disadvantages:
  • + The search scope can be limited to certain files and folders, also certain files and folders that are part of a contents table.
  • + Searching in files (usually = in the cluster chains allocated to files) is a "logical" kind of search. Will find search term occurrences even if the search term happens to be physically split in a fragmented file (occurs at the end and the beginning of discontiguous clusters) and even if the file is compressed (at the NTFS file system level or in an archive such as ZIP, RAR, etc.).
  • + Files in which the searm term occurs can be automatically opened.
  • - Unlike a search operation on a partition = search in a partition's sectors (= a "physical" kind of search), does not include unallocated space, slack space, or special system areas such as file allocation tables or logical surplus sectors. Also it is not as fast as a physical search.
• There is no duplication of search hits in the Position Manager any more. E.g. if you first search physically and then logically on a partition and have WinHex archive search hits, only additional hits will be added.
• Annotations manually added to evidence objects are now maintained and reported separately from search hits. Important search hits can be moved to the list of annotations with the Position Manager's context menu. Search hits are now collectively recorded with the date and time when the search operation began (useful for sorting by two criteria).
• The UDF file system is now supported in addition to FAT, NTFS, Ext2/Ext3, and CDFS/ISO9660.
• WinHex can now estimate the original size of MS Office documents when recovering such files "by type" and can now also distinguish between MS Excel, MS Word, and MS PowerPoint files and name them accordingly. (since v11.8 SR-3)
• WinHex now understands both ways of numbering raw image file segments, .000-based and .001-based. Newly created image file segments will now start with .001 instead of .000. (since v11.8 SR-3)
• WinHex now tries to identify obvious deleted partitions automatically and can scan for further formerly existing partitions in unpartitioned disk space when you invoke Tools | Disk Tools | Scan For Lost Partitions.
• Contents tables are now loaded back into the directory browser at twice the speed. Unloading large contents tables has become similarly faster.
• The directory browser can now sort in reverse order, and still reveals the previous order with a lighter arrow. For example, if you first click the filename column and then the filename extension column, files with the same extension are internally still sorted by name. Also the directory browser can optionally now be displayed with a grid.
• The directory browser has new icons for deleted files and folders. Deleted objects that WinHex knows are no longer accessible (either because their first cluster has been reallocated or because they have a size of 0 bytes) have icons crossed out in red.
• There is now a tooltip that indicates the path of a file if you place the mouse cursor over its icon in a contents table.
• There is now a small extra button (a floppy disk icon) that allows to save changes to a contents table, after deleting irrelevant files or directories from it, without having to close the directory browser.
• It is now possible to create drive contents tables for all evidence objects in a case without further user interaction in one step.
• A new option allows to create a case wide global contents table, by unifying contents tables from various evidence objects. The menu command for this can be found in the Case Data | Edit menu. Such a unified contents table is the most powerful way to review all files from all directories, from all partitions, from all media and image files that belong to a case. (forensic license only)
• There is now an option under Edit | Convert that allows to stretch 7-bit ASCII, which can be found e.g. on mobile phone SIM cards, to 8-bit ASCII.
• There are now script and API commands that allow to interpret raw images, Encase images, and evidence files like physical disks or partitions, as known from the Specialist menu command.
• It is now possible to select a track of a multi-session CD for display in the directory browser.
• It is now possible to include data analysis charts in the case report (via the context menu).
• Depending on which encryption algorithm was used, it is now possible to decrypt files inside encrypted ZIP and RAR archives if you know the original password. (forensic license only) Owners of a forensic license please log in and download a new zip.dll library for use with WinHex 11.9 Beta here.
• Many other minor improvements.

[break]

Klik voor een grotere versie