Join Us!

Notifications
Clear all

Xways Forensic  

  RSS
Andy
 Andy
(@andy)
Active Member

Any one know how to change to in-place edit mode? I have read the PDF instructions and it mentions this function; however it is not intuitive, I just cannot see how to change from read-only to in-pace edit. I wish to edit a file in WinHex…..

Andy

Quote
Posted : 18/04/2005 9:45 pm
akaplan0qw9
(@akaplan0qw9)
Member

Options=> Select Mode=> In-Place Edit Mode.

ReplyQuote
Posted : 18/04/2005 10:08 pm
Andy
 Andy
(@andy)
Active Member

Al - the Edit mode is grey'd out. I cannot change it!

Andy

ReplyQuote
Posted : 19/04/2005 9:34 am
Andy
 Andy
(@andy)
Active Member

I think I've figured it out. The 'forensics' edition, although it has more features than WinHEX, doesn't allow any write facility. It's not all that clear in the help menu.

Andy

ReplyQuote
Posted : 19/04/2005 9:38 am
akaplan0qw9
(@akaplan0qw9)
Member

Stefan Fleishman the owner and author of X-Ways Forensics and WinHex installs both in the same folder and uses the Alt-TAB toggle to go back and forth. He seems to do most of his Forensic work in WinHex. As you have found, the Forensic version does its best to keep you from screwing up evidence. On the other hand it seems to be so restrictive that it can be frustrating to work with. I don't know nearly as much about it as I would like. As you have found, the documentation needs work and it is neither intuitive or user friendly. However, it is very powerful and flexible. In the seminar I attended, there were capabilities that got both Encase and FTK users to say, "Wow!" It is a very exciting program that one wants to learn. The first thing Stephan does is to generate a drive contents table. That lays open all manner of things in one place. Some are automatically flagged. Like ADS files. I'm sure I saw him look directly into a zipped file from there, but I could not repeat that. One of the strongest things is his data carving. There are over 50 file types in there by default and you can add as many more as you can identify a header for. You can use one, several, or all of these at one time and you can have it sort each file type in a different folder if you like.

Stefan is a very nice young man and will help you if you ask a software problem or issue. However, he is not an investigator, he is a software expert and thinks like one. You also have to remember that this same tool is used and sold for data recovery. That multi function capability may be putting more options on the screen than we need. Al

He makes a few associated programs, Evidore and Trace. both are very easy to use. and effective.

ReplyQuote
Posted : 19/04/2005 2:08 pm
Andy
 Andy
(@andy)
Active Member

Thanks Al, I do quite like the software, but you're right there isn't much in the way of documentation for it. There needs to be a really comprehensive pdf shipped with it. Also some bookmarking type facility would be good.

Andy

ReplyQuote
Posted : 19/04/2005 3:58 pm
liusiguang
(@liusiguang)
New Member

I have used WinHex (and X-ways Forensic) for several years. The evolution from a system admin tool to a forensic tool has been gradual, and always forward. I have talked with Stefan for most of this time period and found him to be most reasonable.

His software is on a par with, often exceeding, the better-known players, for pennies on the dollar, cost wise.

As for documentation…there is always room for more. There is an entire third-party market out there (___ for Dummies, The Idiot's Guide to___, etc.) because programmers don't like to do documentation. Take a good look at third-party books on M$ apps. When I get my opus maximus on Winhex finished, I will make it available….

Later,
LSG

ReplyQuote
Posted : 17/05/2005 8:54 pm
Share: