X-Ways Forensics 12.15 Log Out | Topics | Search
Moderators | Edit Profile

X-Ways User Forum » Public Announcements » X-Ways Forensics 12.15 « Previous Next »

Author Message
Stefan Fleischmann (Admin)
Posted on Wednesday, Apr 13, 2005 - 3:02:   

A preview version of X-Ways Forensics 12.15 is now available for owners of a forensic license. The download link can be retrieved by querying one's license status.

What's new?

* Tentatively included: The RAM viewer/RAM editor in WinHex so far was able to load the virtual memory of active processes. In addition to that, it is now possible to view, dump, and (in WinHex only) edit physical RAM (under Windows 2000 and XP).

* Logical search operations can now optionally extract and decode the text contained in Adobe PDF documents, Corel WordPerfect (WPD), Corel Draw (CDR), and Microsoft Visio (VSD) files and search the plaintext automatically. Potential search hits in such files would otherwise be missed because these file types typically store text in an encoded, encrypted or otherwise garbled way. This feature requires the separate viewer component to be active for the decoding and text extraction part. ( http://www.x-ways.net/forensics/viewer.html )

* Listings of search hits now usually allow you to open the corresponding file that contains the hit and (in the case of logically found search hit) automatically jump to the seach hit position. This is particularly useful for compressed files or files with search hits in decoded raw text only, where no physical disk offsets corresponding to the search hits could be shown. Both physical and relative (=logical) offsets are now displayed for logical search hits, in separate columns, if available.

* Logical searches in directories now include the directory data itself, i.e. directory entries in FAT and INDX records in NTFS will be searched as well.

* Filesystem areas such as the file allocation table, Ext inodes or the internal Reiser tree can now be logically searched in a convenient way via a new dummy item in the directory browser similar to "Free Space".

* There is now a legend that explains icons, colors, and attributes listed in the directory browser. (forensic licenses only, since v12.1 SR-2)

* There is now an optional column "File Type Category" in the directory browser. (forensic licenses only, since v12.1 SR-3)

* ATA password protection can now be detected on hard disks under Windows 2000 and XP by creating a Media Details Report (since v12.1 SR-4). If detected, the protection level is reported and whether or not the master password has been changed from factory default.

* Many other minor improvements.
Stefan Fleischmann (Admin)
Posted on Thursday, Apr 14, 2005 - 1:50:   

Preview 4:

* Evidence file segment size limited to 2025 MB (because of this error).

* Access to data in raw image files (since v12.1 SR-4) and in evidence files has generally become somewhat faster.
Stefan Fleischmann (Admin)
Posted on Thursday, Apr 14, 2005 - 23:19:   

Preview 5:

* When loading very large files with the separate viewer takes too much time, while the rendering the file content in the full-size or preview viewer window has not yet begun, you can now abort the process with the mouse cursor in a convenient way. The timeout option has been removed.

* Right-clicking a file in the directory browser (to bring up the context menu) no longer triggers the preview to refresh and possibly delay the context menu.

* When importing folders with hash set files, it is now possible to import these files into a single hash set in the internal database, that is unify them under one name.

* Importing folders with many hash set files into the internal hash database is now considerably faster.

Please test and send comments on v12.15 by e-mail or in the forum. Thanks.
Stefan Fleischmann (Admin)
Posted on Friday, Apr 15, 2005 - 1:14:   

Preview 6:

* External Programs dialog window error fixed.
Forum operated by X-Ways Software Technology AG.