x-ways forensics

The latest version of x-ways forensics is a practical software that is very easy to use and can help computer forensic analysts perform forensic analysis. x-ways The latest version of forensics supports disk cloning and mirroring functions, allowing users to obtain complete data. The Chinese version of x-ways forensics can analyze RAW/dd/ISO/VHD/VMDK Format the complete directory structure in the original data image file, and support segmented image files.

x-ways forensics software introduction

X-Ways Forensics is a powerful, comprehensive forensics and analysis software for computer forensic analysts, available on Windows Runs under XP/2003/Vista/2008/7/8/8.1/2012/10 operating system, supports 32/64-bit, Standard/PE/FE and other versions. (Windows FE is described here, here and here.) Compared with other competing products, because it takes up less resources at runtime, it works more efficiently, runs faster, and can recover deleted files and search for results that other software cannot. It also contains many unique features and, most importantly, is cheaper. X-Ways Forensics is portable and can be used under any Windows operating system via a USB flash drive without installation. Unlike some other forensic analysis tools, X-ways Forensics does not require users to set up a database and other cumbersome operations, and the ultra-small installation package can be downloaded and installed in seconds. It works with WinHex hex and disk editor Tightly integrated to provide an efficient workflow model so that computer forensic investigators can share data and work collaboratively with investigators using X-Ways Investigator.

x-ways forensics function introduction

​ ·Disk cloning and mirroring functions for complete data acquisition

·Can analyze the complete directory structure in the original data image file in RAW/dd/ISO/VHD/VMDK format, and supports image files saved in segments

·Supports full access to disk, RAID, and mirrors with a sector size of 8KB and a maximum of 2TB

·Supports JBOD, RAID0, RAID 5, RAID 5EE, RAID 6, Linux software RAID, Windows dynamic disks and disk arrays such as LVM2

​ ·Automatically identify lost/deleted partitions

·Support FAT12, FAT16, FAT32, exFAT, TFAT, NTFS, Ext2, Ext3, Ext4, Next3, CDFS/ISO9660/Joliet, UDF file system

​ ·No need to modify the original hard disk or image to correct the partition table or file system data structure to parse the file system

​ ·View and obtain running processes in RAM and virtual memory

​ ·A variety of data recovery functions that can recover specific file types

​ ·Maintain file header signature database based on GREP symbols

·Supports 20 data types for interpretation

​​·Use templates to view and edit binary data structures

​ ·Data erasure function can completely clear residual data in storage media

·Can collect residual space, free space, and partition gap information from disk or image files

​ ·Create a list of files and directories in the evidence file

​ ·Ability to easily discover and analyze ADS data (NTFS exchange data streams)

​ ·Supports multiple hash calculation methods (CRC32, MD4, ed2k, MD5, SHA-1, SHA-256, RipeMD...)

​ ·Powerful physical search and logical search functions, which can search for multiple keywords at the same time

​ ·Automatically add color to file record data structures in NTFS volumes

·Bookmarks and annotations

·Can run in Windows FE and other Windows environments

​ ·Remote computer analysis can be performed with F-Response

x-ways forensics software features

​ 1. View Windows event log files (.EVT, .EVTX), Windows shortcut (.LNK) files, Windows pre-read files, $LogFile, $UsnJrnl, restore point change.log, Windows Task Scheduler (.job), $EFS LUS, INFO2, restore point change.log.1, wtmp/utmp/btmp log-in records login records, MacOS X system kcpassword, AOL-PFC, OutlookNK2 autocomplete file, Outlook's WAB address book, IE browser travellog (aka RecoveryStore), IE browser index.dat history and browser cache database, SQLite database, such as Firefox browsing history , Firefox downloads, Firefox forms history, Firefox add-ons, Chrome cookies, Chrome history archive, Chrome history, Chrome login data, Chrome web data, Safari cache, Safarieeds, main.db database for Skype contacts and file transfers, etc. wait

​ ​ 2. Extract metadata and internally create timestamps from various file types and allow filtering by them, such as MS Office, OpenOffice, StarOffice, HTML, MDI, PDF, RTF, WRI, AOL, PFC, ASF, WMV, WMA, MOV, AVI, WAV, Tracking.log for MP4, 3GP, M4V, M4A, JPEG, BMP, THM, TIFF, GIF, PNG, GZ, ZIP, PF, IEcookies, DMP memory dump, hiberfil.sys, PNF, SHD and SPL printer backend, MDB, MS Access database, manifest.mbdx/.mbdb iPhone backup

3. Can extract almost any kind of embedded file (including pictures) from any other type of file, extract thumbnails from JPEG and thumbnail cache, extract .lnl shortcuts from jump lists, extract from Windows.edb, Extract various data from browser cache, extract PLists from SQLite database tables, extract miscellaneous elements from OLE2 and PDF documents, etc.

x-ways forensics installation steps

​ ​ 1. Download the latest version of x-ways forensics software package from Huajun Software Park

​ ​ 2. Unzip the x-ways forensics software and run the "EXE. file"

​​ 3. Double-click to open and enter the x-ways forensics software interface

4. This software is a green version and can be used without installation.

x-ways forensics update log

​ 1. Efficient disk mirroring with intelligent compression function;

​​ 2. Able to read and create .e01 evidence files, and can encrypt evidence files with 256-bit AES;

​ 3. Complete case management functions;

​ 4. Automatically create software operation logs (audit logs);

​ 5. Data write protection function to ensure data authenticity;

​​ 6. Have remote disk analysis capabilities in a network environment;

​Special instructions:

Hello, the software you are about to use is an auxiliary tool and may be intercepted and checked by major anti-virus software. There may be risks in using this software. Please pay attention to avoid it. If you want to continue using it, it is recommended to close various anti-virus software before using it. .

Attached is the software package decompression password: softwaredownload4.com