X-Ways Investigator
21.2
NEW
Downloadable
only for customers
(latest download instructions
here)
|
X-Ways
Investigator is a powerful investigation/document analysis/report
generation application for law enforcement, intelligence agencies, and the private
sector. It runs under Windows. It was designed for investigators who are
specialized in areas such as accounting, building laws,
money laundering, corruption, homicide, child pornography, etc.,
also for investigative analysts, agents, attorneys, paralegals, prosecutors, internal and external auditors,
for the analysis part of computer forensics and electronic discovery.
X-Ways Investigator is based on
X-Ways Forensics and is a subset thereof. It's simplified user interface
offers much fewer technical options and less technical functionality than WinHex and X-Ways Forensics, so that investigators can
better concentrate on
the matter at hand.
X-Ways
Investigator is part of a certain philosophy: Splitting up the
workload into preparatory work done by forensic computing specialists
(computer forensic examiners) with
X-Ways Forensics and investigative work done by investigators can be a pivotal change, greatly accelerate the forensic process and
improve its quality.
It reduces the computer specialists' workload by allowing the investigators to take over much earlier.
More information about
X-Ways Investigator, the collaboration model, and the benefits of
evidence file containers
here.
X-Ways Investigator comes at less
than
half the price of X-Ways Forensics, and considerable volume discount
for higher quantities is available. We recommend X-Ways Investigator
to organizations that already use X-Ways
Forensics, not necessarily as a stand-alone product! We also
recommend it as a review platform for evidence data that has already
been processed using X-Ways Forensics. If before you buy you would like to know precisely how
the X-Ways Investigator user interface looks like and what it can
do, please enable the X-Ways Investigator GUI in the General
Options dialog window in X-Ways Forensics. The degree to which the
user interface is reduced and simplified is largely customizable.
X-Ways Investigator does not come with its own manual and program
help, instead the manual and help of WinHex/X-Ways Forensics is
used.
|
Feature overview:
- Case management, logging
- Automated reports that can be imported and further
processed by any other
application that understands HTML, such as MS Word
- File viewer
for hundreds of file formats included
- Ability to print documents with all file
metadata on a cover page
- Can natively read media/images with these
file systems: FAT12/16/32, TFAT, exFAT, NTFS, Ext2/3/4,
CDFS, UDF, HFS, HFS+, APFS, XFS, BtrFS, QNX, ReiserFS, Reiser4, UFS, UFS2
- Can interpret raw image files and .e01
evidence files
- A natural choice to examine the files
assorted in evidence file containers with X-Ways
Forensics
- Ability to run powerful keyword searches,
both conventional and index searches (indexes created with X-Ways
Forensics)
- Search hit listings with context preview,
e.g. like all search hits for the search terms A, B, and D in
MS Word and MS PowerPoint files below \Documents and Settings with last
access date in 2004
- Gallery view for pictures, Calendar
view for timestamps
- Ability to associate comments about files for
inclusion in the report or for filtering
- Ability to tag files and add them to customized
report tables of
notable items
- Directory tree on the left, ability to explore
and tag directories including all their subdirectories
- Powerful dynamic filters based on filename, true file type,
timestamps, file size, comments, report tables...
- Recursive view of all existing and deleted files
in all subdirectories
- Skin color detection (e.g. a gallery view sorted by
skin tone contents
greatly accelerates a search for traces of child pornography)
- Interface for PhotoDNA (only for law enforcement), which can recognize known pictures
(even if stored in a different format or altered!) and can
return the classification (CP, relevant, irrelevant) to
X-Ways Investigator
- ... and much more
X-Ways Investigator
CTR
|
X-Ways
Investigator CTR is an even further reduced version of
X-Ways Investigator, which can open only the
evidence file
containers of X-Ways Forensics and X-Ways Investigator (raw
format or .e01 evidence file), no other
images and no disks/media. X-Ways
Investigator CTR is suitable exclusively as an add-on to
X-Ways Forensics when splitting up the analysis work across multiple
investigators/specialist or when providing files in containers to
lawyers or other people involved in the case, like an extremely
powerful viewer program for containers. Findings can be exported
from X-Ways Investigator CTR and imported back into the main case in
X-Ways Forensics if desired.
Further limitations compared to X-Ways
Investigator:
- hash computation and hash database not available
- menu commands for exporting lists/subtrees
not available
- only option to refine the volume snapshot:
metadata extraction
- attaching external files not possible
- GREP syntax not supported for searching
- case log not included in case report
- internal ID columns missing
All this for a price less than half of X-Ways
Investigator. To verify what functionality exactly is available in
X-Ways Forensics CTR, you can activate the user interface of X-Ways
Investigator CTR in the General Options dialog window in X-Ways
Forensics.
|
News
Screenshot
|