Downloads

Download WinHex 15.8

By admin
Spread the love

X-Ways Software Technology has released version 15.8 of WinHex. WinHex is not only a universal hex editor, but is also capable of low-level data processing through an easy interface. The program includes a ram editor, a data interpreter and a disk editor, and can be used, for example, to retrieve deleted information or to inspect files. WinHex works on all Windows versions from Windows 2000 onwards and is available in four different versions, with prices from forty euros. The following changes and improvements have been made in this release:

What’s new?

  • Ability to internally reconstruct JBOD, ie virtually concatenate spanned physical disks (or images of physical disks), via the menu command Specialist | Reconstruct RAID System. Requires a specialist license or higher.
  • Recover/Copy: Ability to group existing and deleted files even when not recreating the original path. Forensic license only.
  • Recover/Copy: Ability to group files by other parameters such as file type, category, description, sender, owner, hash set, hash category, report table association. Forensic license only.
  • Recover/Copy: The single-character suffix that is used to name output folders for child objects of files (distinguish them from the name of the parent files, avoid name conflicts) is now user-definable. It can also be disabled to return to the behavior of v15.5 and earlier, where the words ” child objects” were appended. Forensic license only.
  • Recover/Copy no longer recreates the original Windows attributes when copying files because hidden and system attributes often make it unnecessarily complicated to see the output files.
  • For e-mail extracted by v15.8, you can now see in the Attribute column if an e-mail message is marked as unread. Forensic license only.
  • Revised ability to filter for email messages via the Attr. column. Note that the additional e-mail properties by which you can filter are combined with a logical AND, not OR, as otherwise common within the Attr. filter. Forensic license only.
  • The number of files that are contained in a directory or in evidence objects (recursively) is now optionally displayed in the directory tree and in the directory browser directly following the directory name, in parentheses. This allows you to easily find directories or evidence objects/partitions that contain most files. A file count is also provided for files that have child objects. File counts are also presented in a new directory browser column, which is sortable. Forensic license only.
  • Numeric columns in the directory browser such as 1st sector, skin color percentage, internal ID etc. are now right-aligned.
  • If recursive selection statistics are enabled, in the directory browser X-Ways Forensics now shows as the size of a directory the total size of all the files directly or indirectly contained in that directory, not the size of the data structures of the directory any more . Comments about this new feature are welcome. The recursive selection statistics now exclude the size of the data structures of the directories themselves.
  • The recursive selection statistics are now considerably faster to compute for directories on large volume snapshots.
  • It is now possible to monitor lengthy operations in X-Ways Forensics from other computers in the same network, ie see whether they are still ongoing or completed. In General Options you can enable progress notifications via text files (that can be created in a directory on a network drive) and via e-mail in user-defined intervals. Forensic license only.
  • Detection of eCryptfs-encrypted files (files stored by the Enterprise Cryptographic FileSystem for Linux). Based on material provided by Ted Smith and implementations for Ubuntu 8.10, 9.04, 9.10 and 10.04. Such files will by marked with E in the Attributes column, just like EFS-encrypted files in NTFS, but only after the encryption test has been run. Forensic license only.
  • New default directory for cases under Windows Vista and 7 if X-Ways Forensics has been installed with the setup program.
  • Sent e-mails in PST/OST archives are now extracted as .eml files by the non-MAPI extraction method, too, and their timestamps are now shown in the timestamp columns.
  • Outlook calendar entries, contacts, notes, and tasks will now also be shown with timestamps.
  • GPS module timestamps and coordinates are now extracted from JPEG files that contain them.
  • Certain deleted files that are found during the particularly thorough file system data structure search in NTFS volumes can now be represented with correct contents even if they are fragmented and their FILE records are not available any more.
  • The category filter popup menu has a tentatively introduced gimmick that allows to see statistics about the categories of the files currently listed.
  • Outlook journal entries are now better represented.
  • Comments in zip archives will be extracted by the metadata extraction.
  • Zip archives that contain hidden files will now be flagged with a report table association.
  • Recover/Copy: Ability to embed attachments that are part (but not the only contents) of e-mail messages in their respective parent .eml files, if both the attachment(s) and the e-mail message are selected for copying and not excluded by any filter. Not yet 100% flawless, but usable. The ability to embed attachments in .eml files already when extracting e-mail from e-mail archives will be removed only in the next version after 15.8.
  • Support for non-English attachment names in artificially generated .eml representation of e-mails that were extracted from OST/PST with the non-MAPI method.
  • New checkbox for logical searching and indexing that allows to specifically omit directories (ie not search NTFS INDX buffer, FAT directory entries etc. etc.).
  • Maximum number of search terms that can be logically combined for a fuzzy AND combination slightly increased from 7 to 8.
  • Contiguous bad clusters in FAT volumes are now represented as separate virtual files.
  • Correct representation of FAT and root directory in the volume snapshot for FAT volumes with only 1 file allocation table.
  • Ability to specify non-zero header sizes in component disks or JBODs. Note that if not all the sectors on the component disks are actually used (some reserved at the end) then prior to reconstructing the RAID you can specify the used sector count for each component via Tools | Disk Tools | Set Disk Parameters.
  • Recover/Copy: Encoded size of embedded attachments now always correct. Warning if attachments are to be added and filters are affecting the scope of the operation as that may inadvertently exclude the attachments.
  • Polish translation of the menu.
  • PNG metadata extraction revised.
  • Support for the Linux file system next3. The exclude bitmap inode will be evaluated, and snapshot files are marked with (SF) in the Attribute column. Specialist license or higher required.
  • Table “Partitions by disk signature” in registry report now supported for Windows 7 registries, too. New table “Windows portable devices”.

Version number 15.8
Release status Final
Operating systems Windows 7, Windows 2000, Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008
Website X-Ways Software Technology
Download
File size

1.57MB
License type Shareware
You might also like
Apps

Popular apps Pixelmator and Photomator are now from Apple

News

MacOS Sequoia 15.3.1 is out: what’s new for your Mac?

News

iOS 18.3.1 is out (and this is why you have to update)

News

WatchOS 11 is out: This update makes your heart beat faster

News

Rumor: Apple is working on its own applications based on a large language model

News

EU Council determines position on security requirements for digital products