X-Ways Forensics 20.2

Stefan Fleischmann
Username: admin

Registered: 1-2001
Posted on Tuesday, Feb 2, 2021 - 20:41:   

A preview version of X-Ways Forensics 20.2 is now available. The URL of the download directory for all recent versions can be retrieved by querying one's license status as always.

What's new in v20.2 Preview 1?

* The gallery can now operate in an alternative mode, activated with the button left to the Sync button. In that mode the gallery does not present the items currently listed in the directory browser, but instead all the child objects of a single selected item, if there are any such child objects. Those are either only direct child objects or (in mode) child objects recursively. This is a unique way to get a quick overview of entire directories or file archives with a single mouse click. Also very useful for videos from which stills have been extracted. You can right-click any listed child object in the gallery and perform various operations on that particular object. Most commands known from the directory browser context menu are available. In particular you can associate a child object with report tables that way, exclude it, tag it, or navigate to see it in its native parent directory in the directory browser with all metadata (and then you can click the Back button to return to the previous view). The child objects are listed in the gallery in ascending order of internal ID.

* Ability to extract specific data from the event payload in .evtx event logs and list them directly in the event list. This makes working with event logs much more powerful, as it allows to quickly filter for usernames, IP addresses from log-in or RDP events, task or service names, PowerShell commands, etc. The new tab-separated definition file "Event Log Events.txt" in the installation directory contains a list of event IDs, (optional) log provider and the list of individual data fields to extract. The definition file can be adjusted to your own requirements.

* Windows event logs are parsed and exported into one single TSV file, replacing the previously output multiple HTML preview files. The generated TSV file contains the complete payload of each event. It is ideally viewed in MS Excel or similar applications.

* Events are now listed with less clutter in the event list.

* Ability to extract e-mail attachments from TNEF files once they are identified as such. (Such files are usually named winmail.dat.)

* Several minor improvements.

* Same fix level as v20.1 SR-5.
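
An added example, not part of the original post and not X-Ways code: a Python sketch of the definition-driven extraction described in the event log item above, pulling named payload fields per event ID from Windows event XML. The three-column layout of the definition table and all sample events are constructed here; the real "Event Log Events.txt" format may differ.

```python
import csv
import io
import xml.etree.ElementTree as ET

NS = {"e": "http://schemas.microsoft.com/win/2004/08/events/event"}

# Constructed definition table (assumed layout, not the real file):
# event ID <TAB> provider (may be empty = any) <TAB> comma-separated fields
DEFINITIONS = (
    "4624\tMicrosoft-Windows-Security-Auditing\tTargetUserName,IpAddress,LogonType\n"
    "7045\tService Control Manager\tServiceName,ImagePath\n"
    "4698\t\tTaskName\n"
)

def _event(eid, provider, data):
    """Build a constructed event in the standard Windows event XML schema."""
    fields = "".join(f'<Data Name="{k}">{v}</Data>' for k, v in data.items())
    return (f'<Event xmlns="{NS["e"]}"><System><Provider Name="{provider}"/>'
            f"<EventID>{eid}</EventID></System><EventData>{fields}</EventData></Event>")

SAMPLE_EVENTS = [  # constructed sample data
    _event(4624, "Microsoft-Windows-Security-Auditing",
           {"TargetUserName": "alice", "WorkstationName": "WS01",
            "IpAddress": "203.0.113.7", "LogonType": "10"}),
    _event(7045, "Service Control Manager",
           {"ServiceName": "ExampleSvc", "ImagePath": "C:\\Tools\\example.exe"}),
    _event(7045, "OtherProvider", {"ServiceName": "Ignored"}),
    _event(4688, "Microsoft-Windows-Security-Auditing", {"NewProcessName": "x"}),
]

def load_definitions(text):
    """Map event ID -> list of (provider, [field names]) rules."""
    rules = {}
    for row in csv.reader(io.StringIO(text), delimiter="\t"):
        if len(row) < 3 or not row[0].strip().isdigit():
            continue  # skip blank, comment or malformed lines
        fields = [f.strip() for f in row[2].split(",") if f.strip()]
        rules.setdefault(int(row[0]), []).append((row[1].strip(), fields))
    return rules

def extract(event_xml, rules):
    """Return the selected payload fields for one event, or None if no rule applies."""
    root = ET.fromstring(event_xml)
    eid = int(root.findtext("e:System/e:EventID", namespaces=NS))
    provider = root.find("e:System/e:Provider", NS).get("Name", "")
    payload = {d.get("Name"): d.text or "" for d in root.iterfind("e:EventData/e:Data", NS)}
    for rule_provider, fields in rules.get(eid, []):
        if not rule_provider or rule_provider == provider:
            return {"EventID": eid, **{f: payload.get(f, "") for f in fields}}
    return None
```

Fields named in a rule but absent from the payload come back as empty strings, so every row for a given event ID has the same columns and can be filtered or sorted consistently.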
Stefan Fleischmann
Username: admin

Registered: 1-2001
Posted on Sunday, Feb 14, 2021 - 19:26:   

Preview 2:

* Ability to see the presentation of Preview and Details mode for the same file at the same time, side by side, after clicking the "+" on the Details button when in Preview mode. Clicking the Details or Preview button again will make that mode the only active mode.

* Ability to view and preview pictures in HEIC format. The gallery loads and displays HEIC thumbnails. Picture analysis and processing also supports HEIC files now.

* Android .thumbdata4 archives and HEIC files are now by default in the list to uncover embedded data. (Thumbnails in HEIC files will be output in JPEG format.)

* Keyboard shortcuts for the context menu commands to view the selected file(s) in X-Ways Forensics or in the associated program.

* The command line interface now allows to load dialog window selections. This will usually override specific parts of the configuration that is initially read from a WinHex.cfg file, at the moment when the command line parameter is processed (not when those parts of the configuration might affect what the application does). The command is "Dlg:", directly followed by the path of the .dlg file. After you save dialog window selections please verify that they can be accepted by clicking OK after saving them. Only .dlg files created in v20.2 can be used. Older versions of X-Ways Forensics can still read .dlg files written by v20.2.

* More generated devices are recognized.

* Prevents that the viewer component tries to display NTFS system files like $UpCase in Preview mode, which was problematic.

* Various improvements.

* Same fix level as v20.1 SR-6.
Stefan Fleischmann
Username: admin

Registered: 1-2001
Posted on Monday, Feb 15, 2021 - 13:10:   

Preview 3:

* The approximate scroll position in Details mode is now restored when selecting a different file in the directory browser or when closing and re-opening the data window or the application.

* Fixed occasional inability in Preview 2 to leave Details mode.
Stefan Fleischmann
Username: admin

Registered: 1-2001
Posted on Friday, Feb 19, 2021 - 10:22:   

Beta 1:

* WinHex Lab Edition and higher: Ability to open and read uncompressed files on Windows Server NTFS volumes with active deduplication.

* Option to name MSG files after the e-mail subject when extracting e-mail messages and attachments from them. That could be useful for generically named MSG files.

* Some minor improvements.
Stefan Fleischmann
Username: admin

Registered: 1-2001
Posted on Monday, Feb 22, 2021 - 17:46:   

Beta 2:

* The selection in the gallery usually exactly replicates the selection in the directory browser. However, when representing child objects of a file that is selected in the directory browser, the gallery now allows a separate selection in itself, among the child objects.

* Ability to save the contents of Details mode into an HTML file, by clicking the new floppy disk icon in the status bar.

* Some minor improvements.

* Same fix level as v20.1 SR-7.
Stefan Fleischmann
Username: admin

Registered: 1-2001
Posted on Sunday, Feb 28, 2021 - 18:49:   

Beta 3:

* Several minor improvements.

* Same fix level as v20.1 SR-8.
Stefan Fleischmann
Username: admin

Registered: 1-2001
Posted on Wednesday, Mar 3, 2021 - 5:52:   

Beta 4:

* Option to filter out spaces around common Chinese characters in decoded text (cf. Options | Viewer Programs). Such spaces can appear unexpectedly for example when processing certain PDF documents and can thwart keyword searches in Chinese.

* Raw previews with decoded text (i.e. Shift + click on "Raw") in Chinese were not displayed properly previously because the viewer component did not always identify the data as UTF-16. That was improved.
Stefan Fleischmann
Username: admin

Registered: 1-2001
Posted on Wednesday, Mar 3, 2021 - 12:11:   

Beta 4:

* Option to filter out spaces around common Chinese characters in decoded text (cf. Options | Viewer Programs). Such spaces can appear unexpectedly for example when processing certain PDF documents and can thwart keyword searches in Chinese.

* Raw previews with decoded text (i.e. Shift + click on "Raw") in Chinese were not displayed properly previously because the viewer component did not always identify the data as UTF-16. That was improved.
Stefan Fleischmann
Username: admin

Registered: 1-2001
Posted on Wednesday, Mar 3, 2021 - 15:06:   

Beta 4:

* Option to filter out spaces around common Chinese characters in decoded text (cf. Options | Viewer Programs). Such spaces can appear unexpectedly for example when processing certain PDF documents and can thwart keyword searches in Chinese.

* Raw previews with decoded text (i.e. Shift + click on "Raw") in Chinese were not displayed properly previously because the viewer component did not always identify the data as UTF-16. That was improved.
Stefan Fleischmann
Username: admin

Registered: 1-2001
Posted on Wednesday, Mar 3, 2021 - 15:10:   

Beta 4:

* Option to filter out spaces around common Chinese characters in decoded text (cf. Options | Viewer Programs). Such spaces can appear unexpectedly for example when processing certain PDF documents and can thwart keyword searches in Chinese.

* Raw previews with decoded text (i.e. Shift + click on "Raw") in Chinese were not displayed properly previously because the viewer component did not always identify the data as UTF-16. That was improved.

Forum operated by X-Ways Software Technology AG.