Winhex Forensics  

andy1500mac
(@andy1500mac)
Member

Hi All,

I am aware that a few out there use WinHex Forensic edition and was wondering about its real-world functionality acquiring and examining systems that don’t need to be shut down.

I have copied the program files to CD and run off a live system in order to acquire an image as well as conduct cursory searches (all in a testing environment). Before running you have to point the application's default “save” location (for temp files, recovered files and image file) to removable media. It seems to work well... Is anyone actually using WinHex in this manner?

Thanks,

Andrew-

Posted : 17/11/2005 6:16 pm
arashiryu
(@arashiryu)
Active Member

WinHex has come in handy for me more than a few times. The most used features on a live system for me have been

* Open RAM
* Clipboard Data
* Gather Free Space
* Gather Slack Space
* Gather Text

Since it opens in Read Only mode, I am comfortable with running it on a live system.

I do struggle with its file recovery feature. Lot of duplicates/false positives. Maybe I am not using it right and blaming the tool. I haven't played with file recovery much.

Posted : 17/11/2005 7:13 pm