Download Winhex 15.0

Spread the love

X-Ways Software Technology has released version 15.0 of Winhex. Winhex is not only a universal hex editor, but it is also capable of low-level data processing through an easy interface. The program includes a ram editor, a data interpreter and a disk editor, and can be used, for example, to retrieve deleted information and to inspect files. Winhex works on all Windows versions from 98 onwards with the exception of NT, but its full range of capabilities can only be fully utilized on Windows 2000 or higher. New in this release is that multiple processor cores are now used optimally, making the program a lot faster. The full changelog for this release is as follows:

Changes in version 15.0:

  • X-Ways Forensics 15.0 features a totally revised indexing algorithm that specifically utilizes multiple processor cores and on systems that have multiple process cores runs faster than its predecessor, in particular when taking the (optional) optimization step into account.
  • The file type signatures database now distinguishes between signatures that are useful for file type verification only (to verify the type of files that are already contained in the volume snapshot, forensic license only) and signatures that are strong and important enough to also use them in a file header signature search, ie to find additional files. For that purposes, two separate definition text files now ship with X-Ways Forensics. The purpose is to keep users from blindly selecting all file types for the search, from getting too many false positive for weak signatures as a consequence, from getting too many garbage files (eg MPEG fragments that cannot be played), from getting too many irrelevant files (eg font files, cursor files), and from unnecessarily suffering from a slow search speed, and from complaining about all of this. Of course it’s still possible to add new file type definitions for file header signature searches or to move file type definitions from one definition file to the other consciously.
  • File type signature and category definitions have been further expanded.
  • Previously existing files whose first clusters are known to be overwritten are no longer checked for their true file type.
  • Zip and Rar archives that X-Ways Forensics knows contain encrypted files are now marked as encrypted themselves, with “e!” (file format specifically encrypted) in the Attribute column. Allows to focus on such files more conveniently than before. (And some users didn’t realize how it was possible before.)
  • It is now possible to manually define a block in Volume/Partition/Disk mode and add it to the volume snapshot as a carved file. Useful if you wish to treat data in a certain area (eg HTML code or e-mail messages found floating around in free space) as a file, eg to view it, search it specifically, comment on it, add it to a report, etc. The command for that can be found in the Edit menu.
  • The German name of the virtual directory for carved files has been changed from “Per Signatur gefunden” to “Aus Sektoren herausgemeißelt” (Übersetzung/Umschreibung für “carved”). Wenn Sie eine other Benennung vorschlagen möchten, report Sie sich bitte.
  • A new directory browser option called “Full path sorting” for objects that have child objects has been introduced. The effect is that, if sorted by path, child objects will be listed directly after their respective parents (eg files after their parent directories, e-mails after the e-mail archives from which they have been extracted, e-mail attachments after their containing parent e-mail messages, compressed files after their parent archives, etc.).
  • Support for more than 255 file type signature definitions.
  • Two more external programs can be defined.
  • The first portion of the Details mode (“Data from the Volume Snapshot”) is now displayed as a table, which is visually more appealing.
  • Metadata extraction from BMP files and (on logical drive letters) EXE/DLL files.
  • .cfg files from previous versions cannot be imported any more.
  • When verifying file types, for files that are not recognized by any entry in the file header signature database, X-Ways Forensics now makes additional attempts at detecting the file type. Useful to recognize file types that do not have a fixed signature, eg .eml e-mail messages, programming language source code, batch files, and many more.
  • The names of extracted .eml files are now usually more authentic especially if the subject line is encoded in an Asian code page.
  • When outputting report tables to the case report, to make the report more compact (eg for printing), it is now possible to break the filename and paths lines after a user-defined number of pixels. Helps to avoid that the report becomes wider than a printable page, especially when referencing more than one file per row.
  • When viewing search hits in the decoded version of eg PDF documents in raw preview mode, you now see the exact raw decoded text as used for searching. Useful if the viewer component cannot highlight a search hit in the regular view of the PDF document.
  • Some minor improvements in email processing.

[break]

Version number 15.0
Release status Final
Operating systems Windows 9x, Windows 2000, Windows XP, Windows Server 2003, Windows Vista
Website X-Ways Software Technology
Download
File size

1.36MB

License type Shareware
You might also like