X-Ways Forensics 14.4 Log Out | Topics | Search
Moderators | Edit Profile

X-Ways User Forum » Public Announcements » X-Ways Forensics 14.4 « Previous Next »

Author Message
Stefan Fleischmann
Username: admin

Registered: 1-2001
Posted on Tuesday, Aug 21, 2007 - 22:24:   

A preview version of X-Ways Forensics 14.4 is now available. The download link can be retrieved by querying one's license status.

What's new?

* The internals of the NTFS file system journal $LogFile can now be viewed with the View command and in Preview mode.

* NTFS permissions can now be seen in Details mode.

* For NTFS volumes, the Technical Details Report now shows the volume GUID, the NTFS version number, and the volume flags.

* For Windows shortcut files (.lnk), any MAC addresses shown are now definitely MAC addresses. The creation date+time of the target's object ID is now also shown. Volume ID, birth volume ID and object ID are now displayed in special GUID notation.

* In a search hit list, it is now possible to recover/copy the files that contain the selected search hits automatically into subdirectories that are named based on the respective search term. For that, please try the third state of the checkbox entitled "Recreate full original path". In future releases, this checkbox will probably be renamed when the third state is selected.
Stefan Fleischmann
Username: admin

Registered: 1-2001
Posted on Thursday, Aug 30, 2007 - 1:14:   

Preview 2:

* There is now an option to copy/append file metadata to the comments of selected files, when editing the comments, which allows to filter by this metadata with the comments filter, to export the metadata with the Export List command, and to output it with a report table in a case report. Metadata can be extracted from Windows shortcut files (.lnk), OLE2 compound files (e.g. pre-2007 MS Office), and .shd printer spool files. More file types to be added in the future.

* The buffer size for comments in the case report has been increased. Line breaks in comments are now converted to HTML line breaks for the case report.

* It is now possible to export report table associations when creating a container, so that the recipient of the container can already see classifications such as "notable", "invoice", "family", "bomb construction", etc. when adding the container to a case.

* Can now extract embedded files from MHT Web Archives if you append ";*.mht" to the series of file masks for e-mail extraction.

* It is now possible to optionally include substrings in index searches from the case root. Fixed an error that could occur when running an index search from the case root window.

* Empty indexes with no words will no longer be saved as .xfi files. As a result, there will be no annoying error messages about empty indexes any more when searching an index. An evidence object's index may be empty e.g. if you index tagged files only and the tagged files do not contain any text, have a size of zero bytes, etc.

* Under Windows Vista, the lower half of a decoupled data window no longer becomes invisible when reintegrated in the main window.

* Ability to copy selected data has hex values in GREP notation.
Stefan Fleischmann
Username: admin

Registered: 1-2001
Posted on Saturday, Sep 1, 2007 - 14:33:   

Beta 1:

* Ability to extract e-mail messages and attachments from AOL PFC files. (Note that if these files have no extension, only a signature check will identify them as PFC files.)

* It's now possible to conveniently send the files in an evidence object's volume snapshot to an external virus scanner. (forensic license only) Infected files will be added to a report table named "Virus suspected". The command can be found in the Specialist menu. Please see the program help for details.

* When extracting embedded JPEG files from other files, X-Ways Forensics is now more strict when deciding what actually is a JPEG file and what only looks like one.

* More space for the user-specified comments on a file when printing with a cover page.

* Improvements of v14.3 SR-5 included.

* Some other minor improvements.
Stefan Fleischmann
Username: admin

Registered: 1-2001
Posted on Sunday, Sep 9, 2007 - 13:03:   

Beta 2:

* Further limitations of the reduced user interface of X-Ways Investigator can now optionally be specified individually for certain users even in a shared installation, by creating copies of the investigator.ini file named "investigator *.ini", where * is the respective username.

* Including directories in a recursive view is now a 3-state option. In its middle state, real directories are not included, but archives treated as directories are.

* Fixes of v14.3 SR-6.
Stefan Fleischmann
Username: admin

Registered: 1-2001
Posted on Sunday, Sep 16, 2007 - 16:18:   

Beta 3:

* Windows Prefetch files can now be conveniently viewed.

* Some improvements in AOL PFC processing.

* The internal file header signature search algorithm can now automatically detect the original size of Outlook PST, AOL PFC, Prefetch, EMF, and SPL files.

* Files that were recognized as irrelevant with the help of the hash database can now be optionally excluded from further volume snapshot refinement operations. This has an immediate effect if hash database matching is selected at the same time with other options such as skin color computation, search for embedded pictures etc.

* There is a new command in the Position submenu of the context menu in the search hit list of a volume that allows to conveniently exit the search hit list and navigate to the respective file in its directory.

* Earlier versions of X-Ways Forensics left it to the user to decide whether to search for file header signatures in partitioned space on a physical partitioned evidence object as part of the Refine Volume Snapshot operation. This option has been removed, and the search is now run in partitioned space only within the partitions themselves, to avoid unnecessary duplication.

* Fixed an exception error that could occur under certain circumstances when starting indexing.
Stefan Fleischmann
Username: admin

Registered: 1-2001
Posted on Thursday, Sep 20, 2007 - 15:51:   

v14.4 has just been released.
Stefan Fleischmann
Username: admin

Registered: 1-2001
Posted on Tuesday, Sep 25, 2007 - 14:38:   


* More robust when extracting thumbails from thumbs.db files.

* In "direct" mode, continues filling containers despite read errors and merely reports what files could not be copied.

* A few minor improvements/fixes.
Stefan Fleischmann
Username: admin

Registered: 1-2001
Posted on Tuesday, Oct 9, 2007 - 12:00:   


* Fixed instability issue with long paths.

* Last access and last modification date+time were swapped when viewing Windows .lnk shortcut files. This was fixed.

* .eml files in report tables are now internally linked from within the case report with a .txt extension, which allows to view them in Internet Explorer.

* Avoids file cache problem in Windows Vista when working with large image files.

* If only skin color percentages were computed and nothing else was changed in the volume snapshot since opening an evidence object, X-Ways Forensics would not save the skin color percentages when closing the evidence object. This was fixed.

* Some other minor fixes.
Stefan Fleischmann
Username: admin

Registered: 1-2001
Posted on Sunday, Oct 28, 2007 - 8:05:   


* Fixed an error with very long filenames in thumbs.db.

* Fixed search hit preview length for DBCS code pages.

* Some minor improvements and fixes.
Stefan Fleischmann
Username: admin

Registered: 1-2001
Posted on Thursday, Mar 13, 2008 - 12:41:   


* Some of the fixes introduced in later versions. Available to customers on request. Final release.

Add Your Message Here
Username: Posting Information:
Only registered users may post messages here, i.e. you need to have a profile.
Options: Enable HTML code in message
Automatically activate URLs in message
Forum operated by X-Ways Software Technology AG.