X-Ways Forensics 20.5


Stefan Fleischmann
Username: admin

Registered: 1-2001
Posted on Tuesday, Jan 11, 2022 - 17:58:   

A preview version of X-Ways Forensics 20.5 is now available. The URL of the download directory for all recent versions can be retrieved by querying one's license status as always.

What's new in v20.5 Preview 1?

* New command "Capture Processes" in the Tools menu in X-Ways Forensics that allows you to acquire all data in the memory of running processes on a live system contiguously (i.e. pages in the order as allocated by the process). The creation times of processes can be seen as the creation timestamps of the memory dumps. Pages marked as containing executable code (PAGE_EXECUTE* styles) are optional and if omitted will suitably reduce the amount of data if you are merely interested in keyword searches or carving and not malware analysis. Carving in the memory dumps (files shown as type "mem") can be performed by uncovering embedded data, one of the functions of volume snapshot refinement.

* This command can also produce a tab-delimited list of all top-level windows with their titles and corresponding processes plus (comma-delimited) the titles of their child windows. Screenshots of some of the top-level windows are taken and output automatically. If this functionality is used without administrator rights, only processes of the current user are covered, otherwise all processes.

* The output folder of "Capture Processes" is by default either a subdirectory of the case or - if no case is active - a subdirectory of the directory for images. It can be automatically explored in Windows File Explorer once the output is complete and/or added to the active case as a directory.

* Recognizes Windows 11 as a platform and was confirmed to run on Windows 11 practically as well as on Windows 10.

* Supports new style of reparse point text of Windows 11.

* Applying X-Tensions to files in selected directories is now optional. (In case a particular X-Tension is useful when applied to directories only.)

* The rules of advanced sorting are now also applied to the Hash Set column.

* Improved PNG screenshot identification. In particular, a new Exif format is supported that is used mainly for Android screenshots. This allows you to verify whether such Android screenshots are original.

* Further revised generating device identification (esp. smartphones, esp. all Samsung smartphones) with around 34,000 definitions and two new iOS release identifications.

* Several minor improvements.

Forum operated by X-Ways Software Technology AG.