X-Ways Forensics 12.55

Stefan Fleischmann (Admin)
Posted on Sunday, Aug 28, 2005 - 21:19:   

A beta version of X-Ways Forensics 12.55 is now available for owners of a forensic license. The download link can be retrieved by querying one's license status.

What's new?

* The standard non-contents-table file overview can now be extended in a similar way as drive contents tables. Use Specialist | Refine Volume Snapshot to find orphaned files and directories on FAT volumes, lost parts of the MFT on NTFS volumes, and deleted files on ReiserFS and Reiser4 volumes. Deleted or otherwise lost directories retrieved with the refined volume snapshot will also be added to the directory tree in the case data window and will persist between sessions unless you have X-Ways Forensics trash volume snapshots when exiting. After refining the volume snapshot, the fictitious directory "Deleted Objects" will become available for ReiserFS and Reiser4 volumes.

* State-of-the-art 256-bit AES/Rijndael encryption has been added. This implementation of AES runs in counter (CTR) mode and works with hashed 256-bit keys, cryptographically sound random input ("salt"), and a randomized 128-bit initial counter. Use Edit | Convert to encrypt/decrypt one or several files at a time.

* Evidence files can now be encrypted with 256-bit AES as well. Encrypted evidence files still allow for random read access. Data transfer rates from encrypted evidence files are slightly worse than from unencrypted evidence files, of course.

* It is now possible to password-protect case files and either prevent unauthorized opening or only unauthorized saving. This protection is no encryption, so it can be circumvented with sufficient effort and knowledge.

* Adding files to the table of particularly noteworthy items and highlighting (tagging) files are now two separate operations. So you may now decide to tag files for other purposes, e.g. to mark them as "already examined". However, if you still wish to tag files to mark them as noteworthy, a new option among the directory browser options allows you to retain the previous behavior. As a side-effect of the separation, it is now possible to add files within archives to the table of noteworthy files.

The final 12.55 version will be a free update for all owners of licenses issued for v11.7 or later.
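
An added example, not part of the original post and not X-Ways code: it shows why AES-256 in counter (CTR) mode, as described in the encryption items above, still permits random read access to an encrypted file. The key derivation (a single SHA-256 over salt and password), the function names and the sample data are assumptions made for illustration; the product's actual key derivation and file layout are not given on this page.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
	"math/big"
)

// deriveKey hashes salt||password into a 256-bit key (assumed derivation, not the product's).
func deriveKey(password string, salt []byte) []byte {
	k := sha256.Sum256(append(append([]byte{}, salt...), password...))
	return k[:]
}

// counterAt advances the 128-bit big-endian initial counter by n blocks, wrapping at 2^128.
func counterAt(iv []byte, n uint64) []byte {
	c := new(big.Int).Add(new(big.Int).SetBytes(iv), new(big.Int).SetUint64(n))
	c.Mod(c, new(big.Int).Lsh(big.NewInt(1), 128))
	return c.FillBytes(make([]byte, aes.BlockSize))
}

// readAt decrypts length bytes at byte offset off, touching no earlier ciphertext block.
func readAt(key, iv, ct []byte, off, length int) ([]byte, error) {
	if off < 0 || length < 0 || off+length > len(ct) {
		return nil, fmt.Errorf("range %d+%d is outside the %d-byte file", off, length, len(ct))
	}
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	skip := off % aes.BlockSize // bytes of the first block that precede off
	stream := cipher.NewCTR(block, counterAt(iv, uint64(off/aes.BlockSize)))
	buf := make([]byte, skip+length)
	stream.XORKeyStream(buf, ct[off-skip:off+length])
	return buf[skip:], nil
}

func main() {
	rnd := make([]byte, 32) // 16-byte salt, then the randomized 128-bit initial counter
	rand.Read(rnd)
	key, iv := deriveKey("constructed-passphrase", rnd[:16]), rnd[16:]
	image := bytes.Repeat([]byte("constructed sector data "), 200) // stand-in evidence file
	enc, _ := readAt(key, iv, image, 0, len(image))               // CTR: encrypt == decrypt
	part, err := readAt(key, iv, enc, 1003, 37)
	fmt.Println(err == nil && bytes.Equal(part, image[1003:1040]))
}
```

CTR mode provides confidentiality only: nothing in this sketch detects modification of the ciphertext, so integrity has to come from a separate mechanism such as a hash or MAC over the file.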

Stefan Fleischmann (Admin)
Posted on Tuesday, Aug 30, 2005 - 16:37:   

Beta 3:

* There is now a Refine Volume Snapshot dialog window that allows you to update the "standard" or create a "thorough" volume snapshot.

* As the first feature otherwise only known from contents tables, this dialog window allows you to compute skin color percentages for inclusion in the volume snapshot.

Stefan Fleischmann (Admin)
Posted on Tuesday, Aug 30, 2005 - 21:52:   

Beta 4:

* Some minor fixes and improvements.

Stefan Fleischmann (Admin)
Posted on Wednesday, Aug 31, 2005 - 19:24:   

Beta 5:

* In cases created with XWF 12.55 Beta 5 and later, there will be one additional subdirectory per evidence object, with the prefix "_Metadata". The standard subdirectory will be reserved for original files extracted from the evidence file, the metadata subdirectory will be used for files created by XWF itself: contents tables, search hit lists, and also the volume snapshot files. Like this, there can be no confusion about what files can be considered original evidence and what files are rather of an auxiliary nature. Also it is now easy to identify the snapshot files that correspond to a given evidence object.

Stefan Fleischmann (Admin)
Posted on Thursday, Sep 1, 2005 - 11:46:   

(Before you continue to work with cases created with XWF 12.55 Beta 5 in the final 12.55 version, please rename the subdirectory "temp" to "_temp" and the subdirectory "log" to "_log" manually. Thank you.)

Stefan Fleischmann (Admin)
Posted on Saturday, Sep 3, 2005 - 0:52:   

v12.55 was released, the beta version is no longer available.

Ross@WinPro.net
Posted on Wednesday, Sep 7, 2005 - 23:19:   

12.55 sr-3

> particularly noteworthy items and highlighting (tagging) files ... a new option among the directory browser options allows you to retain the previous behavior

Options -> Directory Browser -> Tag files when adding to "Notew."

I cannot get this to work ...

I enable it but subsequent additions to Noteworthy are not tagged (highlighted). However, I can manually tag an object.

Do I need to adjust other settings? Perhaps a highlight color?

--------


I would like to be able to easily select multiple items from the Gallery View. Currently I have found that I can do so with the control-key/mouse, which allows me to individually add to my selection but is slow. Is there a faster method? I have tried the Shift-key/mouse to select a range to no avail. Are there any other keyboard/mouse combinations?

--------

Thank you,

Ross@WinPro.net

Ross@WinPro.net
Posted on Wednesday, Sep 7, 2005 - 23:22:   

oops!

That is 12.55 sr-1

sorry,

Ross@WinPro.net

Stefan Fleischmann (Admin)
Posted on Thursday, Sep 8, 2005 - 0:03:   

Fixed now with v12.55 SR-3.

Stefan Fleischmann (Admin)
Posted on Saturday, Sep 10, 2005 - 2:03:   

v12.55 SR-4: Fixes an error that occurred under certain circumstances when opening multiple images at the same time.
Forum operated by X-Ways Software Technology AG.