November 28, 2004 This mailing is to announce a major update, v11.9.Download URLs:WinHex: -ways.net/winhex.zip (all languages)WinHex: -ways.net/winhex-e.zip (English only)X-Ways Forensics: registered users please log in at -ways.net/winhex/upgrade.html to receive the URLWinHex 11.9 is a free update for all users who purchasedWinHex 11.0 or newer (e.g. online after Aug 12, 2003). If youdo not qualify any more, or if you are interested in a differentlicense type, please find out more about online upgrading at -ways.net/winhex/upgrade.html. Purchasing thecurrent version (or upgrading) entitles you to receive updatesreleased in the following 12 months or more at no cost.-------------------------------------------------------------TRAININGComputer forensics training in Seattle: January 25-28, 2005For more information please see -ways.net/training.htmland -ways.net/signup_ext.html.-------------------------------------------------------------WHAT'S NEW?* WinHex now allows logical search operations in files anddirectories that are selected in the directory browser, evenif a partition is available e.g. as an image file only and notmounted as a logical drive letter in Windows. The SimultaneousSearch command for this can be found in the directory browser'scontext menu (specialist or forensic license only). Advantagesand disadvantages:+ The search scope can be limited to certain files anddirectories, also certain files that are part of a contentstable.+ Searching in files (usually = in the cluster chainsallocated to files) is a "logical" kind of search. Will findsearch term occurrences even if the search term happens to bephysically split in a fragmented file (occurs at the end andthe beginning of two disjoint clusters) and even if the fileis compressed at the NTFS file system level or if it is partof an archive such as ZIP, RAR, GZ etc. (not if encrypted).(forensic license only).+ Files in which the searm term occurs can be automaticallyopened.- Unlike a search operation on a partition = search in apartition's sectors (= a "physical" kind of search), does notinclude unallocated space, slack space, or special systemareas such as file allocation tables or logical surplussectors.* There is no duplication of search hits in the Position Managerany more. E.g. if you first search physically and then logicallyon a partition and have WinHex archive search hits both times,only additional hits will be added the second time.* Annotations manually added to evidence objects are nowmaintained and reported separately from search hits. Importantsearch hits can be moved to the list of annotations with thePosition Manager's context menu. Search hits are now collectivelyrecorded with the date and time when the search operation began(useful for sorting by two criteria).* The UDF file system is now supported in addition to FAT,NTFS, Ext2/Ext3, and CDFS/ISO9660 (specialist and forensiclicenses only).* WinHex can now estimate the original size of MS Officedocuments when recovering such files "by type" and can nowalso distinguish between MS Excel, MS Word, and MS PowerPointfiles and name them accordingly. (since v11.8 SR-3)* WinHex now understands both ways of numbering raw image filesegments, .000-based and .001-based. Newly created image filesegments will now start with .001 instead of .000. (sincev11.8 SR-3)* WinHex now tries to identify obvious deleted partitionsautomatically and can scan for further formerly existingpartitions in unpartitioned disk space when you invoke Tools Disk Tools Scan For Lost Partitions.* Contents tables are now loaded back into the directorybrowser at twice the speed. Unloading large contents tableshas become similarly faster.* The directory browser can now sort in reverse order andstill reveals the previous sort criterion with a lighterarrow. For example, if you first click the filename columnand then the filenameextension column, files with the sameextension will be internally still sorted by name. Also thedirectory browser can optionally now be displayed with agrid (see General Options).* The directory browser has new icons for deleted files anddirectories. Deleted objects that WinHex knows are no longeraccessible (either because their first cluster has beenreallocated or because they have a size of 0 bytes) haveicons crossed out in red.* There is now a tooltip that indicates the path of a fileif you place the mouse cursor over its icon in a contentstable.* There is now a small extra button (a floppy disk icon) thatallows to save changes to a contents table, after havingdeleted irrelevant files or directories from it.* It is now possible to create drive contents tables for allevidence objects in a case without further user interactionin one step.* A new option allows to create a case wide global contentstable, by unifying contents tables from various evidenceobjects. The menu command for this can be found in the CaseData Edit menu. Such a unified contents table is the mostpowerful way to review all files from all directories, fromall partitions, from all media and image files associatedwith a case. (forensic license only)* There is now an option under Edit Convert that allows tostretch 7-bit ASCII, which can be found e.g. on mobile phoneSIM cards, to readable 8-bit ASCII.* There are now script and API commands that allow to interpretraw images, Encase images, and evidence files like physicaldisks or partitions, as known from the Specialist menu command.* It is now possible to select a track of a multi-session CDfor display in the directory browser.* It is now possible to include data analysis charts in thecase report (via the context menu).* Depending on which encryption algorithm was used, it is nowpossible to decrypt many encrypted ZIP and RAR archives ifyou know the original password, when exploring them in thedirectory browser. (forensic license only)* Filename mask string for contents table creation extendedfrom 32 to 256 characters at max. "*.*" now means "files witha dot in their name". Generally two asterisks per file maskpermitted now, at the beginning and end of the mask.* Previously, there was a small chance that WinHex was unableto determine the location of a file or directory on an NTFSvolume, and a warning was displayed in that case. Theprobability of such a case has been considerably furtherreduced. * Many other minor improvements.-------------------------------------------------------------X-Ways Replica 2.3 is now available for owners of a forensiclicense.* ATA password-protected drives can be unlocked with user ormaster password until system reboot if password is known.* Ext2, Ext3, Reiser, Linux Swap, JFS, XFS, MFS/HFS, and HPFSpartitions are now recognized as such. * Available drive letters are listed when entering source ordestination image filename with path.* Entering image filenames can be aborted any time by pressingthe ESC key.* New menu font color light gray instead of blue.* X-Ways Forensics or Evidor license file needs to be present.Since v2.2:* Host-protected areas (HPAs) can now be disabled (unlocked)either permanently or until the next reboot only, so that itis accessible for cloning/imaging. * Up to 32 partitions are now displayed in the list and availablefor selection (instead of 15 at max. before). * Image segment numbering now starts with .001 (or non-numericextension) instead of .000. The second segment ends with .002. * Copying selected sectors: Number of lines no longer limitedto 500.-------------------------------------------------------------FAQ: HOW TO INSTALL THE UPDATE CORRECTLY?Install the new version to the folder with your existing WinHexinstallation, using the setup program. There is no need forprior uninstalling. The existing installation must not berunning when installing, of course. The setup program will warnyou if your license no longer supports the new version as a freeupdate, or if you need new license codes, before overwriting theexisting installation.FAQ: WHAT VERSION DID I ORIGINALLY PURCHASE?The Help About box tells you what version your license wasissued for.

October 25, 2004 This mailing is to announce a major update, v11.8.Download URLs:WinHex: -ways.net/winhex.zip (all languages)WinHex: -ways.net/winhex-e.zip (English only)X-Ways Forensics: registered users please log in at -ways.net/winhex/upgrade.html to receive the URLWinHex 11.8 is a free update for all users who purchasedWinHex 10.92 or newer (e.g. online after July 13, 2003). If youdo not qualify any more, or if you are interested in a differentlicense type, please find out more about online upgrading at -ways.net/winhex/upgrade.html. Purchasing thecurrent version (or upgrading) entitles you to receive updatesreleased in the following 12 months or more at no cost.-------------------------------------------------------------TRAININGComputer forensics training in Seattle: January 25-28, 2005For more information please see -ways.net/training.htmland -ways.net/signup_ext.html.-------------------------------------------------------------WHAT'S NEW?* In addition to FAT and NTFS, WinHex now fully supports thefile systems Ext2, Ext3, and CDFS/ISO 9660/Joliet. (specialistand forensic license only)* Compatibility with Linux and Wine has been improved. WinHexcan now easily open devices such as hard disks and main memorywhen run under Wine.* Positions/bookmarks/annotations may now have a descriptionof up to 8192 characters (instead of just 255). Also they cannow have an arbitrary length (instead of always just 1 byte).Plus you can select a unique color for each bookmark! Bookmarkcolors are mixed with block colors if a bookmark and the blockoverlap.* The limit of the simultaneous search's overall search termlength has been extended from 255 to 30,000 characters. All thesearch terms will be included in the case log. Also, you cannow easily load and save search term lists!* The Tools Disk Tools Clone Disk feature now works up to30% faster if you enable simultaneous I/O and the destinationis not the same physical medium as the source.* There is now a dedicated command for creating hash sets inthe directory browser's context menu (forensic license only).It is no longer necessary to create a contents table as a by-product of a hash set.* When creating a drive contents table, WinHex can now performan entropy test on unknown files to check whether they might beencrypted. (forensic license only)* When manually deleting irrelevant items from a contents tablethat is associated with an evidence object, WinHex can now saveyour changes to the contents table file. Plus it is now possibleto review the original settings used to create a contents tablethat is associated with an evidence object, with the Propertiescommand.* Greedy RAM utilization for very large partitions is no longera problem.* There is now an alternative access method for optical discsand physical hard disks under Windows NT/2000/XP (see GeneralOptions), which may allow to access hard disks formatted in anunconventional way or other media that cannot be accessedotherwise, plus some sectors at the end of CD-ROMs/DVDs thatmay otherwise be missed.* There is a new option in the Edit Conversion list thatallows to decompress raw data from any number of 16-clusterunits compressed by NTFS.* There is an option "Ext2/Ext3 block logic" in File Recoveryby Type that causes this recovery method to deviate from thestandard assumption of no fragmentation in that it will followthe typical Ext block pattern.* File Recovery by Type can now be applied to all open windows(e.g. 10 partitions) at the same time.* File Recovery by Type can now create and fill a new subfolderwith recovered files if the maximum number of files per folder you specify is exceeded. This is useful because e.g. WindowsExplorer can become very slow when dealing with huge folders.* When creating a contents table, filename/file type mismatchesare now detected for non-existent (deleted or orphaned) files,too. Please note that false alerts might be displayed if adeleted file's clusters have been re-allocated to another fileof a different type in the meantime.* It is now possible to specify a "null device" as the destinationfor the Clone Disk functionality. This is useful if you areinterested in the report about bad sectors, but do not wish toactually copy all the sectors somewhere. (since v11.7 SR-5)* It is now possible to create a raw image out of an evidence fileor vice-versa, and/or split or compress a previously unsplit/uncompressed image, by applying the Create Disk Image to an imagefile again. (since v11.7 SR-5)* Support for BZ2 archives and for superfloppy format improved.(since v11.7 SR-2)* Status bar added to registry viewer. (since v11.7 SR-1)* Slack space processing error fixed that was temporarily presentin v11.7 (SR-7 through SR-13).* Many other minor improvements.

X-ways WInhex 14 download

Download Zip: https://inutegyu.blogspot.com/?lc=2vCNhI

2ff7e9595c