±Partners and Sponsors
New Today: 6
New Yesterday: 3
· The Complete Workflow of Forensic Image and Video Analysis
· Browser Anti Forensics
· Coming apart at the SIEMs …
· WeChat Forensics
· DFRWS Europe 2014 Annual Conference – Recap
· Considering A Career in Audio-Video Forensics? Enhance Your Prospects With Continuing Education
· Forensics Europe Expo 2014 – Recap
· Windows Logon Password – Get Windows Logon Password using Wdigest in Memory Dump
· Windows Forensics and Security
±Follow Forensic Focus
X-Ways X-Tension for C4All users
This X-Tension is for Users of C4All. The guides that are included describe how to best use the X-Tension with the Strategy hash sets , but your own hash sets can be used. Also it is based on the file types (video and pictures) that C4All presently uses and searches for.
With this X-Tension, you will be able to process with the speed of X-Ways, and be completing most of the C4Prep stage all at once (like skin tone % and video stills).
Benefits of the X-Tension
-speed, fewer steps to follow than original C4All process
-even faster if ran locally and saved locally. upto 30GB min speeds on SSD drives observed.
-crash protection. Use X-Ways ability to resume if there is a crash during preparation of data.
-If X-Tension is interrupted there is the option to resume, start new or if needed just make new XML file
-ability to filter out irrelevant files and false positive carved files before C4All extraction.
-Hash sets are connected to X-Ways and not SQL server. This allows for known irrelevant or good files to be excluded from extraction. Also SQL Express can be used (free) as the only database used would be a local database and would not grow to be to large.
-These hash sets are transferable by simply copying the folder and pointing X-Ways to storage location. No need to wait all day for Database to be created.
-ability to use your own hash sets. upto 65,000+ separate hash sets.
-Better resulting folder structure, especially when run against many evidence objects in one case.
-Results can be extracted from C4All in hashkeeper format to be easily brought back in to X-Ways case. no need to run Encase book marking enscript.
-thumbnails are extracted from files that include thumbnails or are created by X-ways due to original picture size. If thumbnails exist in a file it is not used twice, reducing duplicate files.
-When processing, all functions of X-Ways are available during X-Tension run phase.
-Able to use X-Ways reporting features for court and presentation.
- video stills extracted using free mplayer or forensic framer from within X-Ways
Below are links to the X-Tension and guides on how to use it. If you are part of the Strategy and need the hash set, please contact Trevor at the Ontario Provincial Police or obtain from the C4All forum.
In the guides there is also information on how to use your own hash sets and including extracting them from your SQL server.
C4All X-Tension version 3.5.12.k , June 10-2014 1drv.ms/1ki46Ky
Steps Guide June 10 2014 1drv.ms/1iktb7O
Detailed Step by step guide June 10-2014 1drv.ms/1mD0ggp
I recommend downloading both guides.
This is provided free to any user to be used with X-Ways Forensics.
- Senior Member
Trevor is with OPP. I am not.
But thank you
SQLite Recovery - find and recover deleted sqlite dbs
- Senior Member
Just append the contents of the linked file to the 'File Type Signature Search.txt' file in the X-Ways install directory and a new category to select all the C4All files in one click has been added.
Download link to 'c4all category for file header signature search.txt' 1drv.ms/1q9bMa6
This file does not get overwritten during updates and works the same, allowing one click to select all relevant C4All file types.