X-Ways Forensics 15.0

Stefan Fleischmann
Username: admin

Registered: 1-2001
Posted on Sunday, Apr 20, 2008 - 17:05:   

X-Ways Forensics 15.0 will feature a totally revised indexing algorithm that specifically utilizes multiple processor cores and, on systems that have multiple processor cores, runs faster than its predecessor, in particular when taking the (optional) optimization step into account.

A "New Index Preview" version is already available for download. The download link can be retrieved by querying one's license status. This version is identical to v14.9 SR-1, except for the indexing algorithm.

Known problems:

* Processing the decoded version of PDF files with no textual contents currently may result in a circular loop (rarely).
* Progress percentage bar misbehaves at times.
Stefan Fleischmann
Username: admin

Registered: 1-2001
Posted on Monday, Apr 28, 2008 - 0:48:   

v15.0 Preview:

* New indexing: Above-mentioned errors fixed. New known error: When indexing small amounts of data (few KBs or MBs), the created index may be empty.

* When verifying file types, for files that are not recognized by any entry in the file header signature database, X-Ways Forensics now makes additional attempts at detecting the file type. Useful to recognize file types that do not have a fixed signature, e.g. .eml e-mail messages, programming language source code, batch files, and many more.

* The names of extracted .eml files are now usually more authentic especially if the subject line is encoded in an Asian code page.

* When outputting report tables to the case report, to make the report more compact (e.g. for printing), it is now possible to break the filename and path lines after a user-defined number of pixels. This helps to keep the report from becoming wider than a printable page, especially when referencing more than one file per row.

* When viewing search hits in the decoded version of e.g. PDF documents in raw preview mode, you now see the exact raw decoded text as used for searching. Useful if the viewer component cannot highlight a search hit in the regular view of the PDF document.
Stefan Fleischmann
Username: admin

Registered: 1-2001
Posted on Friday, May 2, 2008 - 12:09:   

Preview 2:

* Same fix level as v14.9 SR-3.

* Above-mentioned known error in new indexing algorithm fixed.

* Some minor improvements and some small fixes for the above-mentioned new features.
Stefan Fleischmann
Username: admin

Registered: 1-2001
Posted on Monday, May 12, 2008 - 14:25:   

Preview 3:

* Some glitches in new indexing operation fixed.

* Some minor improvements in e-mail processing.

* Same fix level as v14.9 SR-4.
Stefan Fleischmann
Username: admin

Registered: 1-2001
Posted on Friday, May 23, 2008 - 13:47:   

Beta:

* It is now possible to manually define a block in Volume/Partition/Disk mode and add it to the volume snapshot as a carved file. Useful if you wish to treat data in a certain area (e.g. HTML code or e-mail messages found floating around in free space) as a file, e.g. to view it, search it specifically, comment on it, add it to a report, etc. The command for that can be found in the Edit menu.

* The German name of the virtual directory for carved files has been changed from "Per Signatur gefunden" to "Aus Sektoren herausgemeißelt" (translation/paraphrase of "carved"). If you would like to suggest a different name, please get in touch.

* A new directory browser option called "Full path sorting" for objects that have child objects has been introduced. The effect is that, if sorted by path, child objects will be listed directly after their respective parents (e.g. files after their parent directories, e-mails after the e-mail archives from which they have been extracted, e-mail attachments after their containing parent e-mail messages, compressed files after their parent archives, etc.).

* Support for more than 255 file type signature definitions.

* Two more external programs can be defined.

* The first portion of the Details mode ("Data from the Volume Snapshot") is now displayed as a table, which is visually more appealing.

* Metadata extraction from BMP files and (on logical drive letters) EXE/DLL files.

* Same fix level as v14.9 SR-5.

.cfg files from previous versions cannot be imported any more.
Stefan Fleischmann
Username: admin

Registered: 1-2001
Posted on Thursday, May 29, 2008 - 0:56:   

Beta 2:

* Some fixes of errors in previous Beta version.

* Some minor improvements.
Stefan Fleischmann
Username: admin

Registered: 1-2001
Posted on Friday, May 30, 2008 - 16:41:   

Beta 3:

* The file type signatures database now distinguishes between signatures that are useful for file type verification only (to verify the type of files that are already contained in the volume snapshot, forensic license only) and signatures that are strong and important enough to also use them in a file header signature search, i.e. to find additional files. For that purpose, two separate definition text files now ship with X-Ways Forensics. The purpose is to keep users from blindly selecting all file types for the search, from getting too many false positives for weak signatures as a consequence, from getting too many garbage files (e.g. MPEG fragments that cannot be played), from getting too many irrelevant files (e.g. font files, cursor files), and from unnecessarily suffering from a slow search speed, and from complaining about all of this. Of course it's still possible to add new file type definitions for file header signature searches or to move file type definitions from one definition file to the other consciously.

* File type signature and category definitions have been further expanded.

* Previously existing files whose first clusters are known to be overwritten are no longer checked for their true file type.

* Zip and Rar archives that X-Ways Forensics knows contain encrypted files are now marked as encrypted themselves, with "e!" (file format specifically encrypted) in the Attribute column. This allows you to focus on such files more conveniently than before. (And some users didn't realize how it was possible before.)
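
An added illustration of the trade-off described in the Beta 3 post above (not X-Ways code and not its definition-file format): a short signature is adequate for verifying a file that is already in the volume snapshot, but in a sector-by-sector header search it also matches by chance. The strong/weak flags, the function names and the constructed 32 MiB volume are assumptions of this example.

```python
SECTOR = 512

# Well-known magic bytes. The strong/weak flag is this example's assumption,
# not the contents of X-Ways' definition files.
SIGNATURES = {
    "png": (b"\x89PNG\r\n\x1a\n", True),
    "jpg": (b"\xff\xd8\xff", True),
    "bmp": (b"BM", False),
    "exe": (b"MZ", False),
}

def verify_type(file_data):
    """Type verification: look only at offset 0 of a file already in the snapshot."""
    for name, (magic, _strong) in SIGNATURES.items():
        if file_data.startswith(magic):
            return name
    return None

def header_search(volume, strong_only):
    """Header signature search: test every sector boundary for a file start."""
    hits = []
    for off in range(0, len(volume), SECTOR):
        for name, (magic, strong) in SIGNATURES.items():
            if (strong or not strong_only) and volume.startswith(magic, off):
                hits.append((off // SECTOR, name))
    return hits

def build_volume():
    """Constructed volume: sector i starts with the two bytes of i, so each
    possible two-byte prefix occurs once (the average for high-entropy data)."""
    vol = bytearray(65536 * SECTOR)
    for i in range(65536):
        vol[i * SECTOR:i * SECTOR + 2] = i.to_bytes(2, "big")
    # Plant two real file starts (constructed sample data).
    vol[100 * SECTOR:100 * SECTOR + 8] = SIGNATURES["png"][0]
    vol[200 * SECTOR:200 * SECTOR + 3] = SIGNATURES["jpg"][0]
    return vol

if __name__ == "__main__":
    vol = build_volume()
    print("strong only:", header_search(vol, strong_only=True))
    print("all types:  ", header_search(vol, strong_only=False))
    print("verify:     ", verify_type(b"BM" + bytes(52)))
```

With the weak signatures enabled, the search reports a "bmp" and an "exe" that are nothing but a chance two-byte prefix, roughly one such hit per two-byte signature for every 32 MiB of high-entropy data at 512-byte sectors.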
Stefan Fleischmann
Username: admin

Registered: 1-2001
Posted on Monday, Jun 2, 2008 - 13:57:   

v15.0 was just released. The log-in data for the download has changed.
Stefan Fleischmann
Username: admin

Registered: 1-2001
Posted on Thursday, Jun 19, 2008 - 2:00:   

SR-1:

* Two errors in the new indexing algorithm of v15.0 have been found and fixed. The index was not 100% complete, and under certain circumstances an infinite loop and/or the errors 1074 and 1075 could occur.

* Identical consecutive video stills will not be included any more in the volume snapshot when extracting pictures from videos with MPlayer.

* It is now theoretically possible to specify an interval as short as 1 second for video still extraction. Whether you actually get additional pictures/different stills with such a low setting, however, depends on the encoding and compression of the respective video file.

* For images of optical media that contain both a CDFS and UDF file system and that are associated with a case as evidence objects, X-Ways Forensics now prompts the user for the preferred file system only once, when opened for the first time.

* Fixed the error message that under certain circumstances claimed that the viewer component had to be activated although it was already activated.

* Application-created report table associations (as opposed to user-created ones) are now represented by gray instead of green triangles in the directory browser, which makes it easier to distinguish between the two.

* Several other minor improvements.
Stefan Fleischmann
Username: admin

Registered: 1-2001
Posted on Thursday, Jul 10, 2008 - 17:18:   

SR-2:

* Ability to limit the scope of the file header signature search to a certain sector range (more precisely, a selected block). This is useful e.g. if a previous file header signature search has been aborted, to save time.

* The size of PSD files is now intelligently detected when running a file header signature search.

* The maximum number of report tables supported in a case has been increased to 128.

* Fixed an error that under certain circumstances prevented the new indexing algorithm of v15.0 from completing.

* Fixed an exception error that could occur under certain circumstances when reading from previously existing files where the location of the data was unknown.

* Fixed an error in the export of the search hit column with context.

* Fixed an exception error that could occur when reconstructing RAIDs using images.

* Various minor improvements.
Stefan Fleischmann
Username: admin

Registered: 1-2001
Posted on Monday, Jul 21, 2008 - 0:19:   

SR-3:

* The Italian translation was completed and updated (in progress).

* The copy log option no longer noticeably slows down the Recover/Copy command when copying many files.

* Occasional unavailability of the Print command in the context menu fixed.

* Fixed an exception error that could occur when running a file header signature search when in search hit list mode.

* A minimized main window at the end of a search is no longer a problem.

* Prompt for new path fixed when running out of drive space during indexing.

* Fixed an exception error that could occur when imaging RAIDs reconstructed from images.

* Fixed an error in the directory browser that could occur after refining the volume snapshot or after returning from a search hit list.
Stefan Fleischmann
Username: admin

Registered: 1-2001
Posted on Tuesday, Jul 29, 2008 - 20:51:   

SR-4:

* Intelligent size detection when carving .tar archives.

* Minor improvements in the indexing algorithm.

* Fixed an error that could interrupt the interpretation of an .e01 evidence file with many segments.
Stefan Fleischmann
Username: admin

Registered: 1-2001
Posted on Friday, Aug 1, 2008 - 1:14:   

SR-5:

* Files that cause exception errors or crashes during the mass metadata extraction are now reported by the program so that they can be identified, hidden and/or forwarded to us more easily.

* Fixed an exception error that could occur when clicking items in the Position Manager.

* "'x' is an invalid character" message avoided during indexing.

* Minor improvements.
Stefan Fleischmann
Username: admin

Registered: 1-2001
Posted on Friday, Aug 8, 2008 - 18:17:   

SR-6:

* Error in new indexing algorithm fixed.

* Some minor improvements.
Stefan Fleischmann
Username: admin

Registered: 1-2001
Posted on Saturday, Aug 23, 2008 - 12:58:   

SR-7:

* Fixed an exception error that could occur when processing large AOL PFC files.

* Interpretation of $LogFile for View command/Preview mode now slightly more complete.

* Instability in IE cookie metadata extraction fixed.
Stefan Fleischmann
Username: admin

Registered: 1-2001
Posted on Friday, May 8, 2009 - 0:25:   

SR-8:

* Some of the fixes introduced in later versions. Available to customers on request.
Stefan Fleischmann
Username: admin

Registered: 1-2001
Posted on Wednesday, Dec 2, 2009 - 21:11:   

SR-9:

* Some of the fixes introduced in later versions. Available to customers on request.
Stefan Fleischmann
Username: admin

Registered: 1-2001
Posted on Sunday, Jul 18, 2010 - 17:15:   

SR-10:

* Some of the fixes introduced in later versions. Available to customers on request.

Forum operated by X-Ways Software Technology AG.