WinHex & X-Ways Forensics 13.5 released

WHAT’S NEW IN V13.5?

When searching for keywords and you are not interested in each and every search hit, but merely in a list of files that contain at least one the specified keywords, the logical search now allows you to accelerate the process with the new “one hit per file needed only” option. This saves time because it allows X-Ways Forensics to skip the remainder of a file once a hit is recorded and to continue with the next file. The resulting search hit list will be incomplete, however, it is guaranteed that it contains all the files for which there was at least one hit, and it contains each such file only once. Such a list is sufficient (and efficient!) to manually review the affected files, comment on them, copy the files off an image or pass them on to other investigators in an evidence file container etc…* Performance improved for searches with hundreds of search
terms at the same time.

* After creating a search index (unless distributed indexing
is enabled), X-Ways Forensics now automatically starts an
optional optimization step, which you can safely abort at any
time if you wish to continue using the program (i.e. for an
index search). During optimization, the various *.xfi index
component files will be consolidated, which improves the
performance of index searches and ensures that the Export
Word List feature won’t export duplicate words. The optimization
step can also be executed separately later at any time.

* Adding files to an evidence file container with their
complete path is now optional. That means, if you select the
directory “Vacation2006” for inclusion in the container without
its complete path, then the target path will be \Vacation2006,
no matter whether it originally was \Vacation2006 or \Pictures
\Vacation2006 or \My Files\Pictures\Vacation2006. If you select
the files directly with the new option, then they will end up
directly at the root level. The new option is useful when
adding preprocessed files (e.g. relevant excerpts from free
space) from one’s own hard disk to a container, where the
complete path is irrelevant.

* Ability to conveniently select from a drop down box whether
to add the slack of selected files to an evidence file container.


Get The Latest DFIR News

Join the Forensic Focus newsletter for the best DFIR articles in your inbox every month.


Unsubscribe any time. We respect your privacy - read our privacy policy.

* The new dialog window that allows to add files to an
evidence file container now confirms the indirect filling
method if enabled.

* Newly created container files now get the extension .ctr, so
that they can be better distinguished from conventional image
files.

* The parity delay in HP/Compaq RAID 5 assembly is now variable.

* Compatibility with certain exotic NTFS volumes. (still testing)

* When imaging media, a log about the operation is now created
as a text file and automatically opened after completion so
that it can be viewed and printed (forensic licenses only).
Warnings about bad sectors are included in that log file.
(since v13.4 SR-1/2)

* The gallery did not work correctly for pictures in evidence
file containers in a recursive view in the global case root
window. This was fixed. (since v13.4 SR-1)

* Error fixed that in v13.2 through v13.4 under certain
circumstances caused the logical search not to turn up any
search results at all. (since v13.4 SR-2)

* Error fixed that when deleting a report table may have caused
X-Ways Forensics to lose unrelated report table associations.
(since v13.4 SR-2)

* Error fixed that occurred when renaming hash sets in the
internal database with v13.4 and v13.4 SR-1. (since v13.4 SR-2)

* Some text strings in Windows registry files were previously
truncated at null characters. This was improved. (since v13.4
SR-5)

* Several other minor improvements and fixes.

* An evaluation version of X-Ways Forensics is now pre-installed
on TreCorder© portable forensic PCs built by mh Service GmbH.
This new device promises maximum speed for cloning/imaging hard
disks (3 simultaneously): http://www.x-ways.net/TreCorder-eng.pdf

————————————————————-

*** The next version of X-Ways Forensics is planned to support
E-MAIL in that it can list individual e-mail messages and e-mail
attachments found in a variety of e-mail archive formats, show
search hits in individual e-mail messages, filter attachments
based on file type, include all in recursive views, etc. ***

Leave a Comment

Latest Videos

In this episode of the Forensic Focus podcast, Si and Desi explore how artificial intelligence is being leveraged to uncover crucial evidence in investigations involving child sexual abuse material (CSAM) and examine the importance of exercising caution when implementing these tools. 

They also discuss a recent murder case in which cyber experts played a vital role in securing a conviction, and explore the unique challenges associated with using digital evidence as an alibi.

Show Notes:

A Practitioner Survey Exploring the Value of Forensic Tools, AI, Filtering, & Safer Presentation for Investigating Child Sexual Abuse Material (CSAM) - https://dfrws.org/wp-content/uploads/2019/06/2019_USA_paper-a_practitioner_survey_exploring_the_value_of_forensic_tools_ai_filtering_safer_presentation_for_investigating_child_sexual_abuse_material_csam.pdf

Man charged with NI murder ‘faked live stream to provide alibi’ (The Guardian) - https://www.theguardian.com/uk-news/2023/feb/02/man-charged-with-ni-faked-live-stream-to-provide-alibi

A YouTuber accused of murder faked a 6-hour livestream to produce an alibi (Sportskeeda) - https://www.sportskeeda.com/esports/news-a-youtuber-accused-murder-faked-6-hour-livestream-produce-alibi

European Interdisciplinary Cybersecurity Conference (EICC) 2023 - https://www.forensicfocus.com/event/european-interdisciplinary-cybersecurity-conference-eicc-2023/#more-493234

YouTuber reportedly faked GTA livestream to have an alibi while he committed murder (Dexerto) - https://www.dexerto.com/entertainment/youtuber-reportedly-faked-gta-livestream-to-have-an-alibi-while-he-committed-murder-2052974/

Forensic Europe Expo - https://www.forensicfocus.com/event/forensic-europe-expo/#more-493225

In this episode of the Forensic Focus podcast, Si and Desi explore how artificial intelligence is being leveraged to uncover crucial evidence in investigations involving child sexual abuse material (CSAM) and examine the importance of exercising caution when implementing these tools.

They also discuss a recent murder case in which cyber experts played a vital role in securing a conviction, and explore the unique challenges associated with using digital evidence as an alibi.

Show Notes:

A Practitioner Survey Exploring the Value of Forensic Tools, AI, Filtering, & Safer Presentation for Investigating Child Sexual Abuse Material (CSAM) - https://dfrws.org/wp-content/uploads/2019/06/2019_USA_paper-a_practitioner_survey_exploring_the_value_of_forensic_tools_ai_filtering_safer_presentation_for_investigating_child_sexual_abuse_material_csam.pdf

Man charged with NI murder ‘faked live stream to provide alibi’ (The Guardian) - https://www.theguardian.com/uk-news/2023/feb/02/man-charged-with-ni-faked-live-stream-to-provide-alibi

A YouTuber accused of murder faked a 6-hour livestream to produce an alibi (Sportskeeda) - https://www.sportskeeda.com/esports/news-a-youtuber-accused-murder-faked-6-hour-livestream-produce-alibi

European Interdisciplinary Cybersecurity Conference (EICC) 2023 - https://www.forensicfocus.com/event/european-interdisciplinary-cybersecurity-conference-eicc-2023/#more-493234

YouTuber reportedly faked GTA livestream to have an alibi while he committed murder (Dexerto) - https://www.dexerto.com/entertainment/youtuber-reportedly-faked-gta-livestream-to-have-an-alibi-while-he-committed-murder-2052974/

Forensic Europe Expo - https://www.forensicfocus.com/event/forensic-europe-expo/#more-493225

YouTube Video UCQajlJPesqmyWJDN52AZI4Q_7QiFTiuY7Vw

AI In CSAM Investigations And The Role Of Digital Evidence In Criminal Cases

Forensic Focus 22nd March 2023 11:44 am

Throughout the past few years, the way employees communicate with each other has changed forever.<br /><br />69% of employees note that the number of business applications they use at work has increased during the pandemic.<br /><br />Desk phones, LAN lines and even VOIP have become technologies of the past workplace environment as employees turn to cloud applications on their computers and phones to collaborate with each other in today’s workplace environment.<br /><br />Whether it’s conversations in Teams, file uploads in Slack chats, or confidential documents stored in Office 365, the amount of data stored and where it is stored, is growing quicker than IT and systems administrators can keep up with.<br /><br />Corporate investigators and eDiscovery professionals need to seamlessly collect relevant data from cloud sources and accelerate the time to investigative and discovery review.<br /><br />With the latest in Cellebrite’s remote collection suite of capabilities, investigators and legal professionals can benefit from secure collection with targeted capabilities for the most used workplace applications.<br /><br />Join Monica Harris, Product Business Manager, as she showcases how investigators can:<br /><br />- Manage multiple cloud collections through a web interface<br />- Cull data prior to collection to save time and money by gaining these valuable insights of the data available<br />- Collect data from the fastest growing cloud collaboration applications like Office365, Google Workspace, Slack and Box<br />- Login to a single source for workplace app collection without logging into every app and pulling data from multiple sources for every employee<br />- Utilize a single unified collection workflow for computer, mobile and workplace cloud applications without the need to purchase multiple tools for different types of collections – a solution unique to Cellebrite’s enterprise solution capabilities

Throughout the past few years, the way employees communicate with each other has changed forever.

69% of employees note that the number of business applications they use at work has increased during the pandemic.

Desk phones, LAN lines and even VOIP have become technologies of the past workplace environment as employees turn to cloud applications on their computers and phones to collaborate with each other in today’s workplace environment.

Whether it’s conversations in Teams, file uploads in Slack chats, or confidential documents stored in Office 365, the amount of data stored and where it is stored, is growing quicker than IT and systems administrators can keep up with.

Corporate investigators and eDiscovery professionals need to seamlessly collect relevant data from cloud sources and accelerate the time to investigative and discovery review.

With the latest in Cellebrite’s remote collection suite of capabilities, investigators and legal professionals can benefit from secure collection with targeted capabilities for the most used workplace applications.

Join Monica Harris, Product Business Manager, as she showcases how investigators can:

- Manage multiple cloud collections through a web interface
- Cull data prior to collection to save time and money by gaining these valuable insights of the data available
- Collect data from the fastest growing cloud collaboration applications like Office365, Google Workspace, Slack and Box
- Login to a single source for workplace app collection without logging into every app and pulling data from multiple sources for every employee
- Utilize a single unified collection workflow for computer, mobile and workplace cloud applications without the need to purchase multiple tools for different types of collections – a solution unique to Cellebrite’s enterprise solution capabilities

YouTube Video UCQajlJPesqmyWJDN52AZI4Q_g6nTjfEMnsA

Tips And Tricks Data Collection For Cloud Workplace Applications

Forensic Focus 20th March 2023 11:00 am

This error message is only visible to WordPress admins

Important: No API Key Entered.

Many features are not available without adding an API Key. Please go to the YouTube Feed settings page to add an API key after following these instructions.

Latest Articles

Share to...