X-Ways Forensics & Winhex Manual
Total Page:16
File Type:pdf, Size:1020Kb
X-Ways Software Technology AG X-Ways Forensics/ WinHex Integrated Computer Forensics Environment. Data Recovery & IT Security Tool. Hexadecimal Editor for Files, Disks & RAM. Manual Copyright © 1995-2021 Stefan Fleischmann, X-Ways Software Technology AG. All rights reserved. Contents 1 Preface ..................................................................................................................................................1 1.1 About WinHex and X-Ways Forensics.........................................................................................1 1.2 Legalities.......................................................................................................................................2 1.3 License Types ...............................................................................................................................4 1.4 More differences between WinHex & X-Ways Forensics............................................................5 1.5 Getting Started with X-Ways Forensics........................................................................................6 2 Technical Background ........................................................................................................................7 2.1 Using a Hex Editor........................................................................................................................7 2.2 Endian-ness...................................................................................................................................8 2.3 Integer Data Types........................................................................................................................8 2.4 Floating-Point Data Types ............................................................................................................9 2.5 Date Types ....................................................................................................................................9 2.6 ANSI ASCII/IBM ASCII............................................................................................................10 2.7 Checksums, Hashes, Digests.......................................................................................................11 2.8 Attribute Legend .........................................................................................................................12 2.9 Technical Hints ...........................................................................................................................13 3 User Interface.....................................................................................................................................14 3.1 Overview.....................................................................................................................................14 3.2 Start Center .................................................................................................................................15 3.3 Directory Browser.......................................................................................................................16 3.3.1 General Description................................................................................................................16 3.3.2 Virtual Objects........................................................................................................................18 3.3.3 Filtering ..................................................................................................................................19 3.3.4 Columns and Filters................................................................................................................20 3.3.5 More about the Timestamp Columns .....................................................................................31 3.3.6 FlexFilters...............................................................................................................................33 3.4 Mode Buttons..............................................................................................................................33 3.5 Status Bar....................................................................................................................................40 3.6 Data Interpreter ...........................................................................................................................41 3.7 Position Manager ........................................................................................................................42 3.8 Useful Hints ................................................................................................................................43 3.9 Command Line Parameters.........................................................................................................45 3.10 User-Defined Keyboard Shortcuts..............................................................................................48 4 Menu Reference .................................................................................................................................51 4.1 Directory Browser Context Menu...............................................................................................51 4.2 Case Data Window Context Menu..............................................................................................60 4.3 Data Window Context Menu ......................................................................................................61 4.4 File Menu....................................................................................................................................62 4.5 Edit Menu ...................................................................................................................................64 4.6 Search Menu ...............................................................................................................................65 4.7 Navigation Menu ........................................................................................................................66 4.8 View Menu..................................................................................................................................67 4.9 Tools Menu .................................................................................................................................69 4.10 File Tools ....................................................................................................................................72 4.11 Specialist Menu...........................................................................................................................73 4.12 Options Menu .............................................................................................................................76 4.13 Window Menu ............................................................................................................................76 4.14 Help Menu ..................................................................................................................................77 4.15 Windows Context Menu .............................................................................................................77 II 5 Forensic Features...............................................................................................................................78 5.1 Interpret Image File As Disk.......................................................................................................78 5.2 Case Management.......................................................................................................................79 5.3 Multi-User Coordination For Large Cases..................................................................................82 5.4 Evidence Objects ........................................................................................................................86 5.5 Case Log (Activity Log) .............................................................................................................88 5.6 Case Report.................................................................................................................................89 5.7 Report Tables..............................................................................................................................92 5.8 Viewer Functionality ..................................................................................................................95 5.9 Registry Report ...........................................................................................................................97 5.10 Simultaneous Search...................................................................................................................99 5.11 Logical Search ..........................................................................................................................101 5.12 Search Hit List ..........................................................................................................................106 5.13 Search Term List.......................................................................................................................108 5.14 Hit Count in Search Term Lists ................................................................................................110 5.15 Event Lists ................................................................................................................................110 5.16 Mount As Drive Letter..............................................................................................................113