X-Ways Forensics

Call for Price

Integrated computer forensics environment. X-Ways flagship product, based on WinHex.

Category:

Description

X-Ways Forensics is an advanced work environment for computer forensic examiners and X-Ways’ flagship product. Runs under Windows XP/2003/Vista/2008/7/8/8.1/2012/10*, 32 Bit/64 Bit, standard/PE/FE. Compared to its competitors, X-Ways Forensics is more efficient to use after a while, by far not as resource-hungry, often runs much faster, finds deleted files and search hits that the competitors will miss, offers many features that the others lack, as a German product is potentially more trustworthy, comes at a fraction of the cost, does not have any ridiculous hardware requirements, does not depend on setting up a complex database, etc.!

 

X-Ways Forensics is fully portable and runs off a USB stick on any given Windows system without installation if you want. Downloads and installs within seconds (just a few MB in size, not GB). X-Ways Forensics is based on the WinHex hex and disk editor and part of an efficient workflow model where computer forensic examiners share data and collaborate with investigators that use X-Ways Investigator.

 

X-Ways Forensics comprises all the general and specialist features known from WinHex, such as:

 

  • Disk cloning and imaging
  • Ability to read partitioning and file system structures inside raw (.dd) image files, ISO, VHD, VHDX, VDI, and VMDK images
  • Complete access to disks, RAIDs, and images more than 2 TB in size (more than 232 sectors) with sector sizes up to 8 KB
  • Built-in interpretation of JBOD, RAID 0, RAID 5, RAID 5EE, and RAID 6 systems, Linux software RAIDs, Windows dynamic disks, and LVM2
  • Automatic identification of lost/deleted partitions
  • Native support for FAT12, FAT16, FAT32, exFAT, TFAT, NTFS, Ext2, Ext3, Ext4, Next3®, CDFS/ISO9660/Joliet, UDF
  • Superimposition of sectors, e.g. with corrected partition tables or file system data structures to parse file systems completely despite data corruption, without altering the original disk or image
  • Access to logical memory of running processes
  • Various data recovery techniques, lightning fast and powerful file carving
  • Well maintained file header signature database based on GREP notation
  • Data interpreter, knowing 20 variable types
  • Viewing and editing binary data structures using templates
  • Hard disk cleansing to produce forensically sterile media
  • Gathering slack space, free space, inter-partition space, and generic text from drives and images
  • File and directory catalog creation for all computer media
  • Easy detection of and access to NTFS alternate data streams (ADS)
  • Mass hash calculation for files (Adler32, CRC32, MD4, ed2k, MD5, SHA-1, SHA-256, RipeMD-128, RipeMD-160, Tiger-128, Tiger-16, Tiger-192, TigerTree, …)
  • Lightning fast powerful physical and logical search capabilities for many search terms at the same time
  • Recursive view of all existing and deleted files in all subdirectories
  • Automatic coloring for the structure of FILE records in NTFS
  • Bookmarks/annotations
  • Runs under Windows FE, the forensically sound bootable Windows environment, e.g. for triage/preview, with limitations
  • Support for high DPI settings in Windows
  • Ability to analyze remote computers in conjunction with F-Response
  • More.

Reviews

There are no reviews yet.

Be the first to review “X-Ways Forensics”

Your email address will not be published. Required fields are marked *

Related products