Winhex Manual
Total Page:16
File Type:pdf, Size:1020Kb
X-Ways Software Technology AG WinHex/ X-Ways Forensics Integrated Computer Forensics Environment. Data Recovery & IT Security Tool. Hexadecimal Editor for Files, Disks & RAM. Manual Copyright © 1995-2007 Stefan Fleischmann, X-Ways Software Technology AG. All rights reserved. Contents 1 Preface ..................................................................................................................................................1 1.1 About WinHex and X-Ways Forensics.........................................................................................1 1.2 Legalities.......................................................................................................................................2 1.3 License Types ...............................................................................................................................3 1.4 Differences between WinHex and X-Ways Forensics..................................................................4 1.5 Getting Started with X-Ways Forensics........................................................................................5 2 Technical Background ........................................................................................................................5 2.1 Using a Hex Editor........................................................................................................................5 2.2 Endian-ness...................................................................................................................................6 2.3 Integer Data Types........................................................................................................................6 2.4 Floating-Point Data Types ............................................................................................................6 2.5 Date Types ....................................................................................................................................7 2.6 ANSI ASCII/IBM ASCII..............................................................................................................8 2.7 Checksums ....................................................................................................................................9 2.8 Digests ..........................................................................................................................................9 2.9 Technical Hints ...........................................................................................................................10 3 Forensic Features...............................................................................................................................11 3.1 Case Management.......................................................................................................................11 3.2 Evidence Objects ........................................................................................................................12 3.3 Log & Report Feature .................................................................................................................13 3.4 Report Tables..............................................................................................................................14 3.5 Volume Snapshots ......................................................................................................................14 3.6 Directory Browser.......................................................................................................................18 3.7 Internal Viewer ...........................................................................................................................24 3.8 Registry Report ...........................................................................................................................25 3.9 Mode Buttons..............................................................................................................................25 3.10 Simultaneous Search...................................................................................................................27 3.11 Logical Search ............................................................................................................................28 3.12 Search Hit Lists...........................................................................................................................29 3.13 Search Term List.........................................................................................................................30 3.14 Indexing, Index Search ...............................................................................................................31 3.15 Hash Database.............................................................................................................................33 3.16 Time Zone Concept.....................................................................................................................34 3.17 Evidence File Containers ............................................................................................................34 4 Menu Reference .................................................................................................................................36 4.1 Directory Browser Context Menu...............................................................................................36 4.2 File Menu....................................................................................................................................40 4.3 Edit Menu ...................................................................................................................................41 4.4 Search Menu ...............................................................................................................................42 4.5 Position Menu .............................................................................................................................43 4.6 View Menu..................................................................................................................................44 4.7 Tools Menu .................................................................................................................................45 4.8 File Tools ....................................................................................................................................47 4.9 Specialist Menu...........................................................................................................................47 4.10 Options Menu .............................................................................................................................49 II 4.11 Window Menu ............................................................................................................................50 4.12 Help Menu ..................................................................................................................................50 4.13 Windows Context Menu .............................................................................................................51 5 Some Basic Concepts .........................................................................................................................51 5.1 Start Center .................................................................................................................................51 5.2 Entering Characters.....................................................................................................................52 5.3 Edit Modes..................................................................................................................................52 5.4 Status Bar....................................................................................................................................53 5.5 Scripts .........................................................................................................................................53 5.6 WinHex API................................................................................................................................54 5.7 Disk Editor..................................................................................................................................54 5.8 RAM Editor ................................................................................................................................56 5.9 Template Editing.........................................................................................................................56 6 Data Recovery....................................................................................................................................57 6.1 File Recovery with the Directory Browser .................................................................................57 6.2 File Recovery by Type................................................................................................................57 6.3 File Type Definitions ..................................................................................................................59 6.4 Manual Data Recovery ...............................................................................................................60 7 Options................................................................................................................................................61 7.1 General Options ..........................................................................................................................61