Название: WinHex Версия: 18.1 Лицензия: Shareware Операционая система: Windows Язык: Other О программе: WinHex - универсальный HEX-редактор. Как редактор
дисков позволяет работать с жесткими дисками, дискетами, CD- ROM, DVD, ZIP, Smart Media, Compact Flash
memory cards и прочими носителями, при этом поддерживается FAT12, FAT16, FAT32, NTFS, CDFS. Кроме
этого, WinHex обеспечивает доступ к виртуальной памяти (этакий RAM-редактор) и
позволяет производить множество других операций, включая, например,
"клонирование" дисков или надежное удаление конфиденциальной информации (без
возможности последующего восстановления).
• Редактор для жестких дисков, дискет, CD-ROM/DVD, ZIP, Smart Media, Compact Flash и
• Собственная поддержка для FAT12/16/32, exFAT, NTFS, Ext2/3/4, Next3®, CDFS, UDF
• Встроенное интерпретирование систем RAID и активных дисков
• Различные техники восстановления данных
• Редактор RAM, обеспечивающий доступ к физической RAM и виртуальной памяти прочих
• Интерпретатор данных, опознающий 20 типов данных
• Редактирование структуры данных, используя шаблоны
• Объединение и разбивка файлов, соединяя и разделяя случайные байты/слова
• Анализ и сравнение файлов
• Полностью гибкий поиск и функции замещения
• Программирование интерфейса (API) and написание сценариев
• Кодировка AES, контрольных сумм, CRC32, случайных данных (MD5, SHA-1, ...)
• Надежное удаление частных файлов, очистка жесткого диска для защиты вашей
• Перенос всех буферных форматов, включая ASCII hex
• Преобразование между бинарными, hex ASCII, Intel Hex и Motorola S
• Набор знаков: ANSI ASCII, IBM ASCII, EBCDIC, Unicode
• Мгновенное переключение между окнами
• Генератор случайных чисел
• Поддержка файлов больше 4 Гбайт
• Высокая скорость работы
Нажмите чтобы закрыть спойлер: Возможности:
Спойлер (нажмите для просмотра содержимого)
Code• Better support for larger font sizes in the hex editor display and in character tables. Improved scaling of
various elements of the user interface with high DPI settings in Windows, especially directory browser and case tree icons, small center screen
buttons, the status bar, tag squares, sort arrows. Important especially for high resolution displays (4K or 5K displays, such as the Retina displays
of recent Mac computers) and users with below average eyesight. File and directory icons generally revised and now more consistent between directory
tree and the directory browser.
• When imaging media with active compression, X-Ways Forensics now provides immediate visual feedback about the actual amount of data found on the
disk. That is possible because disk areas that were never written as well as disk areas that were wiped achieve extremely high compression ratios. The
rolling compression ratio is represented during imaging by vertical bars in a separate window. The higher the bar, the lower the "data density" in
that area. The compression statistics are also stored in the .e01 evidence file, so that the same chart is also available at any later time from the
evidence object properties dialog when you click the "Compression" button.
• Option to fill the block hash with 1 hash set per file for multiple selected files, unlike previous versions, which d 1 hash set spanning all
• Ability to maintain 2 hash values per evidence object. Ability to import 2 hash values from .e01 evidence files produced by X-Ways Forensics or
• The option "Name output files after unique ID" in Recover/Copy is now available also when recreating complete or partial original paths in the
• The search term list now offers a "Max. 1" option when multiple search terms are selected that are not forced with a + or excluded with a -. "Max.
1" will list search hits only if they are contained in files that do not contain any of the other selected search terms. For example for 3 search
terms, to get the same results in previous versions, you would have had to list search hits for search term A while excluding B and C, then list
search hits for B while excluding A and C, and then list search hits for C while excluding A and B, which of course is not as elegant and does not
show you all such singular search hits at the same time.
• The search term list now offers a "NOT NEAR" option (abbreviated NTNR) in addition to "NEAR". With 2 selected search terms, NTNR will ensure that
only search hits are listed that are not located in vicinity of any search hits of the respective other search term. With more than 2 selected search
terms, the result is currently undefined.
• Two new case report options have been added. "Name output files after unique ID" will ensure filenames that are succinct, unique, trackable and
reproducible, and will also ensure that if the same files is associated with multiple report tables, it will be copied to the report subdirectory only
once. That saves time and drive space. "List each file only once" is a 3-state checkbox. If fully checked, no file will be referenced in the report by
more than one report table any more. Note that you can still see all report table associations of a file when it is listed in its first report table
in the report, if you output the field "Report table". If the checkbox is half-checked, that means that a file will still be referenced (listed) by
multiple report tables in the report if it has multiple associations, but copied only once and linked only from the
first report table.
• Ability to include all items in all open evidence objects in the directory browser options dialog of a recursively explore case root window.
• New X-Tension function XWF_GetEvent, which retrieves information about an event in the internal event list of an evidence object.
• X-Tension functions XWF_GetReportTableInfo and XWF_GetVSProp revised.
• Specialist | Refine Volume Snapshot now shows the size of extracted metadata and comments in memory and allows to discard extracted metadata if
necessary, to reduce main memory requirements. Now supports up to ~4 GB of extracted metadata per volume snapshot (~2 GB before).
• A new gallery option allows to tag a file by clicking anywhere in the thumbnail, not just in the tag square. That makes it more convenient to tag
a large number of files, and is more comfortable that selecting multiple files while holding the Ctrl key.
• Several minor improvements.
• Same fix level as v18.0 SR-5.
• Support for Project VIC JSON files format 1.1.
• Additional information provided to X-Tensions via the XT_Init call.
• File type verification revised. Category order revised (based on typical frequency).
• Now up to 2 alter egos of the same user may open the same case at the same time. Some users might find this useful for parallelized simultaneous
volume snapshot refinement of different evidence objects in the same case on the same computer.
• Support for the d format of the Chrome history. Support for Opera browsing history since version 15.0 (the switch to the Chromium engine).
• .evtx event log processing slightly revised.
• Several minor improvements.
• Same fix level as v18.0 SR-6.
• Support for the hash types Tiger128, Tiger160, and Tiger192.
• "Name output files after unique ID" is now a 3-state checkbox. If half checked, the files will not be named purely after the unique ID
(+extension) any more. Instead, the unique ID will be ed between base filename and filename extension.
• Nicer names for files that are extracted from Google Chrome caches.
• Some minor improvements.
• Support for Tiger Tree Hashes (TTH). Useful for investigations that involve Direct Connect P2P file sharing programs. Base32 notation for TTH can
be enabled in the directory browser options.
• Type verification revised.
• New file carving method for Quickbooks .qbw files.
• Some fixes and minor improvements.
• Support for Windows 10 (Technical Preview) as a platform.
• Several toolbar and menu icons have been revised. In particular, almost all icons are now available in high resolution for high DPI settings (for
owners of 4K or 5K displays). New icons are now shown to represent pictures, e-mails, and miscellaneous Outlook data.
• It is now easier to use CSS (cascading style sheets) for case report format definitions. In addition to defining the parameters for standard HTML
elements (which would have been possible previously already), key elements of the report are now assigned "class" parameters to simplify targeting
those for formatting purposes. Example style sheets are available to use as a basis for further modification. The report options allow picking or
editing a CSS file as part of the reporting process. The new default is "Case Report.txt". The previous default is still available as "Case Report
• Minor fix in the HTML code of search hit exports.
• Special carving support for EDB (ESE) log files (.edblog). These log files of forensically relevant in that Microsoft stores more and more
internal data about EDB s in these files. The log file record and keep the complete data that is added to a at a certain point, until it is
eventually deleted in the log file. Typically multiple such log files can be recovered from Windows systems, and search hits in such a log file are
more meaningful than in ordinary free space. Metadata is also extracted from these log files.
• Better support for the CAB file format family, which includes Windows Installer files (less interesting), Windows Cabinet (more interesting, may
contain e-mails) and Microsoft OneNote packages (also more interesting).
• Same fix level as v18.0 SR-8.
Beta 1 is also available to BYOD users.
• A few minor fixes and improvements.
• In newly taken Volume Snapshots of Ext3 and Ext4 file systems, X-Ways Forensics now considers the contents of these file systems' journals as
alternative sources for information. This may lead to the listing of additional previously existing files, or the listing of previously existing files
that were found without contents in previous versions now also found with contents, or the identification of previous names for currently existing
files (in the latter case, a note to that effect would be added to the existing file's Metadata column). Important caveat: Since Ext3/4
journaling involves copies of entire file system blocks, journal rollover will occur quite quickly on very active partitions, with the most recent
entries in the journal being identical to the current state of affairs, of course.
• Retrieves some essential information about Windows installations, if found, from partitions or images that are added to a case, and displays them
in the evidence object properties.
• Support for Deflate64 compression in zip archives.
• Fixed an exception error that could occur when extracting e-mails from certain MBOX e-mail archives.
• Minor fix for and improvement of event extraction from .evtx event logs in case events had been deleted in the event log by the user.
• Option to show pictures above the text in report tables in the case report, not below.
• Italian translation of the user interface d.
• Some other minor improvements and fixes.
• Reconciles information from Ext3/4 directory entry remnants and the journal, for a more complete and faithful representation of previously
existing files, with contents and timestamps that were not available previously.
• Files whose representations are based on an inode in the Ext3/Ext4 journal are marked with (Jrnl) in the Attr. column. A filter for such files is
• Fixed potential spill-over of sender and recipients to other e-mail fragments extracted from Windows.edb.
• Some file type verification improvements.
• Some minor improvements.
• Program help and user manual d for v18.1.
Additional change: Fixed an error that could occur when processing file archives larger than 2 GB.