Software Update: WinHex 18.2




X-Ways Software Technology has released version 18.2 of WinHex. WinHex is not only a universal hex-editor, but is also able to apply low-level data-processing via an easy interface. The program includes a ram editor, a data interpreter and a disk editor, and can be used for example to retrieve deleted information or to inspect files. WinHex works on all Windows versions from Windows XP and is available in different versions , with prices from about forty dollars to over a thousand euros for the most comprehensive version. In this release, the following changes and improvements have been made:

What’s new?
Viewing support for Ext3 / Ext4 journals. Our File Systems Revealed training course now ook Explains the Ext journal.
Ability to Specify in great detail-which types of file archives and zip-which subtypes Should be Explored to include Their contents into the volume snapshot.
Support for up 32 external viewer programs INSTEAD OF 9. Their paths are now defined in a separate file, named Programs.txt, so That It’s Easier to share a collection of external programs separately, or keep them When taking over all other settings from someone else.
PhotoDNA reliably preserves the category of pictures, if identified, in evidence file containers, and can show it in installations Whose PhotoDNA Database Has A category of the same name, after a volume snapshot of the container HAS BEEN tasks.
Ability to split huge HTML and TSV exports from the directory browser into separate files.
Ability to tweak CPU and memory utilization or indexing, and more conservative default values ​​are used.
Exchange EDB extraction slightly revised.
Fixed an infinite loop That Could Occur in the original preview release.
Both default and maximum file sizes for carving are now Individually Specified in the “File Header Signatures Search.txt” file on a per file type basis, no longer generically in the user interface. That Allows for better output quality Because different file types have different variances in typical file sizes (larger or smaller Deviations fromtheir respective average file size).
The virtual “Free space” file is now frozen ook once it is indexed, to avoid later invalidation or index offsets.
Faster processing of huge numbers of original .eml and .msg files in very large volume snapshots. Volume snapshots saved by Earlier releases have to be converted to a new format by v18.2 Preview 3 and later.
Avoided look garbled or toolbar icons on systems with only 16-bit color depth (High Color).
Exchange EDB support slightly revised.
Support for Project VIC JSON format files 1.2.
Tentative support for Exchange 2010 EDB databases. Feedback appreciated!
More efficient processing of solid 7zip archives.
Substring filter for the Author column.
Extended support for relative paths to external programs.
Volume shadow copy processing revised, delivering better results.
Extraction or browsing history information from Safari’s icon database. This alternative source is very interesting Because It records browsing history Even When Safari in private browsing mode.
Ability to copy the path of the selected key in the Registry Viewer using a new context menu command.
Maintains a history of the last eight search terms used in the Registry Viewer.
Ability to view .DS_Store in more detail in Preview mode.
A new button labeled “XT” is now shown When viewer X-Tensions are available (loaded), next to the “Raw” button. Allows you to conveniently change the preview to the representation provided by the first viewer X-Tension That feels responsible for the type of the selected file. Or back to the regular preview if not helpful, in both directions with a single mouseclick. You May ook combine Raw and XT submodes or Preview mode, for example for debugging Purposes claustrophobia are programming a viewer X-Tension or your own and have it return HTML code That You wish to check in X-Ways Forensics.
Improved dealing with incomplete ext * partitions, in Particular Those That Are Part or Linux software RAIDs if not reconstructed by the user, but processed directly by themelves.
For the filesystems Ext2 / Ext3 / Ext4, there is now a “Particularly Thorough file system data structure search” functionality,-which checks the entire volume for previously Existing directory structures Whose contents are no longer known from correspondance thing inodes (thesis would have been looked ate as part of the regular volume snapshot already). Such directories are listed with a generic name, Usually in “Path unknown”, but Potentially in the root directory, if that’s Where They Existed previously (the root directory is special in this situation, as It has an unchangeable ID).
New directory browser context menu command to exclude files based on identical names INSTEAD OF identical hash values. This is a case-insensitive comparison and of course Should be used only if you know what you are doing, as it does not compare the file contents at all. Could be useful for example if you wish to get rid of multiple copies of the same files found in backups if you do not need to keep different versions of These files. If prior to the comparison for example you sort by last modification date in descending order, this will ensure That the newest version of the file will be kept and all older versions will be excluded. Files with identical names are not marked as duplicates in the Attr. column. That happens only if you identify identical files based on hash values ​​in previous versions.
Context menu for directories in the Case Data window. Available if “More context menus” in Options | General has been fully checked or if the Shift key is pressed while right-clicking a folder. Allows Recursively to explore the right-clicked folder (just like When no context menu is shown), payback from the directory to tag Recursively (just like When pressing the Space bar) to expand the directory Recursively (just like When pressing the key or multiply the numeric keypad) to collapse all, export a subtree into an ASCII text file, or copy the entire directory into the path of That clipboard.
“Create main report” is now a 3-state checkbox in the case report options dialog. If only half checked, details about the evidence objects are not included in the case report, the evidence Merely objects are listed. Evidence objects details, if included, now precede report tables in the report. Left to report tables now work even if the report is optionally split into multiple HTML files, and there is a link back from each report table to the report overview table. The report is now split based on the number of items That Are referenced, not based on the number of pictures That are displayed in the report. If the report is split, the next segment is now linked from the bottom of the previous segment.
Improved support for logical memory addresses in the Position Manager (previously called “virtual” memory addresses).
The case log, if output alongwith the case report, is now a separate HTML file. If the report is saved in a directory other than the case directory and screenshots of the case log are to be included, They are now copied to the appropriateness subdirectory.
The Chinese translation of the user interface was updated.
Slightly revised filetype verification.
Played with deleted hash sets (Which are not discarded from volume snapshots When The hash sets are marked as deleted in the hash database) are now marked in the “Hash Set” column with the word “deleted” to avoid confusion and mix-ups with Existing hash sets of the same name. Some users who delete hash sets from a hash database, add new hash sets, but do not match hash values ​​of files against the hash database again, might have confused thatthey can not target files with matches using the “Hash Set” column filter-which Existing only sacrifice hash sets.
More likely enough space now in evidence file containers for email messages with extremely long subjects, extracted sender and recipients text, comments, and report table assocations.
The newly Introduced optional commas in the column “Default size” in “File Type Signatures Search.txt” have been Replaced with colons for better compatibility with MS Excel.
Keeps track of files When viewed ‘viewed’ in the gallery for pictures only, even if non-picture files are Represented in the gallery as well by thumbnails (as Introduced with v18.0).
Prevented erroneous “Please stop ongoing operation first.” message That Could Occur When trying to hash files in large volume snapshots, and Subsequent exception errors.
Fixed an error with message “Unable to release memory” That Could Occur constantly file header signature searches


In: A Technology & Gadgets Asked By: [21995 Red Star Level]

Answer this Question

You must be Logged In to post an Answer.

Not a member yet? Sign Up Now »