X-Ways Forensics & WinHex Manual


X-Ways Software Technology AG

X-Ways Forensics/WinHex

Integrated Computer Forensics Environment.
Data Recovery & IT Security Tool.
Hexadecimal Editor for Files, Disks & RAM.

Manual

Copyright 1995-2020 Stefan Fleischmann, X-Ways Software Technology AG. All rights reserved.

Contents

1 Preface
  1.1 About WinHex and X-Ways Forensics
  1.2 Legalities
  1.3 License Types
  1.4 More differences between WinHex & X-Ways Forensics
  1.5 Getting Started with X-Ways Forensics

2 Technical Background
  2.1 Using a Hex Editor
  2.2 Endian-ness
  2.3 Integer Data Types
  2.4 Floating-Point Data Types
  2.5 Date Types
  2.6 ANSI ASCII/IBM ASCII
  2.7 Checksums, Hashes, Digests
  2.8 Attribute Legend
  2.9 Technical Hints

3 User Interface
  3.1 Overview
  3.2 Start Center
  3.3 Directory Browser
    3.3.1 General Description
    3.3.2 Virtual Objects
    3.3.3 Filtering
    3.3.4 Columns and Filters
    3.3.5 More about the Timestamp Columns
    3.3.6 FlexFilters
  3.4 Mode Buttons
  3.5 Status Bar
  3.6 Data Interpreter
  3.7 Position Manager
  3.8 Useful Hints
  3.9 Command Line Parameters
  3.10 User-Defined Keyboard Shortcuts

4 Menu Reference
  4.1 Directory Browser Context Menu
  4.2 Case Data Window Context Menu
  4.3 Data Window Context Menu
  4.4 File Menu
  4.5 Edit Menu
  4.6 Search Menu
  4.7 Navigation Menu
  4.8 View Menu
  4.9 Tools Menu
  4.10 File Tools
  4.11 Specialist Menu
  4.12 Options Menu
  4.13 Window Menu
  4.14 Help Menu
  4.15 Windows Context Menu

5 Forensic
  Interpret Image File As Disk
  Case Management
  Multi-User Coordination For Large Cases
  Evidence Objects
  Case Log (Activity Log)
  Case Report
  Report Tables
  Viewer Functionality
  Registry Report
  Simultaneous Search
  Logical Search
  Search Hit List
  Search Term List
  Hit Count in Search Term Lists
  Event Lists
  Mount As Drive Letter
  File Type Categories.txt
  Hash Database
  PhotoDNA
  Time Zone Concept
  Evidence File Containers
  Related Items
  Generator Signatures
  External Analysis Interface

6 Volume Snapshots and their Refinement
  6.1 Introduction
  6.2 Refinement at the Volume/Sector Level
    6.2.1 Run X-Tensions
    6.2.2 Particularly thorough file system data structure search
    6.2.3 File Header Signature Search
    6.2.4 Block-wise Hashing and Matching
  6.3 Refinement at the File Level
    6.3.1 Hash Value Computation and Matching
    6.3.2 File Type Verification
    6.3.3 Extraction of Internal Metadata
    6.3.4 Archive Exploration
    6.3.5 E-mail Extraction
    6.3.6 Uncovering Embedded Data
    6.3.7 Capture Still Images from Videos
    6.3.8 Pictures Analysis and Processing
    6.3.9 FuzZyDoc
    6.3.10 Detection of Encryption
    6.3.11 Indexing
  6.4 More Information about Volume Snapshot Refinement
    6.4.1 Interdependencies
    6.4.2 Notes

7 Some Basic Concepts
  7.1 Edit Modes
  7.2 Scripts
  7.3 X-Tensions API
  7.4 Disk Editor
  7.5 Memory Editor/Analysis
  7.6 Template Editing

8 Data Recovery
  8.1 File Recovery with the Directory Browser
  8.2 File Recovery by Type/File Header Signature Search
  8.3 File Type Definitions
  8.4 Manual Data Recovery

9 Options
  9.1 General Options
  9.2 Directory Browser
  9.3 Volume Snapshot Options
  9.4 Viewer Programs & Gallery Options
  9.5 Undo Options
  9.6 Security Options
  9.7 Search Options
  9.8 Replace Options

10 Miscellaneous
  10.1 Block
  10.2 Modify Data
  10.3 Conversions
  10.4 Sector Superimposition
  10.5 Wiping and Initializing
  10.6 Disk Cloning
  10.7 Images and Backups
  10.8 Dummy Image Segments
  10.9 Hints on Disk Cloning, Imaging, Image Restoration
  10.10 Skeleton Images
  10.11 Backup Manager
  10.12 Recover/Copy Command
  10.13 Duplicate File Detection
  10.14 Surrogate Patterns
  10.15 Reconstructing RAID Systems

Appendix A: Template Definition
  1 Header
  2 Body: Variable Declarations
  3 Body: Advanced Commands
  4 Body: Flexible Integer Variables

Appendix B: Script Commands

Appendix C: Master Boot Record

1 Preface

1.1 About WinHex and X-Ways Forensics

Copyright 1995-2020 Stefan Fleischmann, X-Ways Software Technology AG. All rights reserved.

X-Ways Software Technology AG
Carl-Diem-Str. 32
32257 Bünde
Germany
Web: www.x-ways.net
Order at: www.x-ways.net/order.ht

Federal Republic of Germany. WinHex was first released in 1995. This manual was compiled from the online help of WinHex/X-Ways Forensics 20.1 and was last updated in December 2020. Supported platforms: Windows XP, Windows 2003 Server, Windows Vista/Server 2008, Windows 7, Windows 8/8.1/Server 2012, Windows 10/Server 2016. 32-bit and 64-bit .
