X-Ways Forensics 20.3 x64 + Crack 2023

author: soft360 Authur
Published date: 22 December 2022
25 December 2022 on 7:57 am


X-Ways Forensics

X-Ways WinHex is a specialized disk editor and all-purpose hexadecimal editor useful for data processing, data recovery, and computer forensics. The program is aimed at users with some advanced expertise and is not intended for all skill levels. WinHex Full Version can examine and modify all types of files, repair broken file systems on hard drives, recover lost or deleted information, repair corrupted files, and more. WinHex supports all native file systems on disk drives, including FAT, NTFS, Ext, ReiserFS, CDFS, and UDF, as well as RAID and dynamic disks.

X-Ways Forensics 20.3



  1. Imaging and disk cloning
  2. Ability to read the partitioning and file system structures inside raw (.dd) image files and ISO, VHD, VHDX, VDI, and VMDK images
  3. Access to all drives, RAIDs, and images larger than 2 TB (more than 2^32 sectors) with sector sizes up to 8 KB
  4. Built-in interpretation of Linux software RAIDs, Windows dynamic disks, JBOD, RAID 0, RAID 5, RAID 5EE, and RAID 6 systems
  5. Automatic identification of lost and deleted partitions
  6. Native support for FAT12, FAT16, FAT32, exFAT, TFAT, NTFS, Ext2, Ext3, Ext4, Next3®, CDFS/ISO9660/Joliet, and UDF
  7. Superimposition of sectors without changing the underlying disk or image, for example with updated partition tables or file system data structures, to parse file systems completely despite data corruption
  8. Access to the logical memory of running processes
  9. A variety of data recovery methods; fast and powerful file carving
  10. Well-maintained, GREP-based file header signature database
  11. Data interpreter that knows 20 variable types
  12. Viewing and editing binary data structures using templates
  13. Wiping hard drives to produce forensically sterile media
  14. Gathering generic text, inter-partition space, slack space, and free space from disks and images
  15. Creation of a file and directory catalog for all computer media
  16. Easy detection of and access to NTFS alternate data streams (ADS)
  17. Bulk hashing of files (Adler32, CRC32, MD4, ed2k, MD5, SHA-1, SHA-256, RipeMD-128, RipeMD-160, Tiger-128, Tiger-160, Tiger-192, TigerTree, …)
  18. Lightning-fast, powerful physical and logical search capabilities for many search terms at once
  19. Viewing all files, both existing and deleted, across all subdirectories
  20. Automatic coloring of the structure of NTFS FILE records
  21. Bookmarks/annotations
  22. Runs with restrictions under Windows FE, the forensically sound bootable Windows environment, e.g. for triage or preview
  23. Support for high DPI settings in Windows
  24. Ability to examine remote computers in conjunction with F-Response
  25. Support for the HFS, HFS+/HFSJ/HFSX, XFS, Btrfs, ReiserFS, Reiser4, UFS1, UFS2, APFS, and QNX file systems
  26. Superior, fast disk imaging with intelligent compression options
  27. Ability to read and write .e01 evidence files (a.k.a. EnCase images)
  28. Creation of skeleton images, cleansed images, and snippet images
  29. Ability to selectively acquire data in the first place, or to share certain files with investigators, the prosecution, attorneys, etc., by copying pertinent files to evidence file containers, where they retain nearly all of their original file system metadata
  30. Complete case management
  31. Ability to annotate files and include important files in the case report; ability to enter comments about files for filtering or report inclusion
  32. Support for multiple examiners in cases where X-Ways Forensics distinguishes between different users based on their Windows accounts. Users can work on the same case simultaneously or at different times while keeping their findings (such as search hits, comments, report table associations, tagmarks, viewed files, excluded files, and attached files) private or sharing them if they wish.
  33. Case reports can be imported into and further processed by any other HTML-compliant program, such as MS Word; CSS (cascading style sheets) is supported for case report format definitions
  34. Automatic logging of activities (audit logs)
  35. Write protection to ensure data authenticity
  36. Keeps you informed of the progress of automatic processing while you are away from your workplace, via e-mail or a drive on the same network
  37. Optional remote analysis capability for network drives
  38. Ability to analyze files from all volume shadow copies (while excluding duplicates), filter for such files, find the snapshot properties, etc.
  39. Frequently finds far more evidence of file deletion than competing tools, thanks to its superior examination of file system data structures such as $LogFile in NTFS and .journal in Ext3/Ext4
  40. The basis for a listed file is practically just a mouse click away: locate it quickly in the file system data structures, such as the FILE record, index record, $LogFile, volume shadow copy, FAT directory entry, Ext* inode, containing file if embedded, etc.
  41. Supported partitioning types: MBR, GPT (GUID partitioning), Apple, Windows dynamic disks (both MBR and GPT style), LVM2 (both MBR and GPT style), and unpartitioned (superfloppy)
  42. Sector superimposition can virtually repair faulty data on disks or in images and allow subsequent analysis steps without changing the disks' sectors or the images. Also quite effective for analyzing local RAM or memory dumps of Windows 2000, XP, Vista, 2003 Server, 2008 Server, and Windows 7.
  43. Shows file owners, NTFS file permissions, object IDs/GUIDs, and special properties
  44. Output of all internal file system timestamps (including 0x30 timestamps in NTFS and additional dates in HFS+)
  45. Special detection of suspicious extended attributes ($EA) in NTFS, as used for example by Regin
  46. File carving takes into account the effects of NTFS compression and Ext2/Ext3 block allocation logic
  47. Files can be carved even from within other files
  48. Fast matching of files against the internal file hash databases (up to 2)
  49. Matching sector contents against a block hash database to find incomplete fragments of highly relevant known files
  50. FuzZyDoc™ hashing to identify known textual contents (such as classified documents, invoices, stolen intellectual property, and e-mails) even when they have been saved in a different file format, re-formatted, updated, or otherwise altered
  51. PhotoDNA hashing to locate known images (such as child pornography) even when they have been scaled, color-corrected, contrast-corrected, blurred, sharpened, partially pixelated, altered, or mirrored (law enforcement only)
  52. Artificial intelligence to automatically detect photo content, discover related photographs, and recognize the faces of known relevant persons in photos (Excire Forensics)
  53. Hash sets can be imported in these formats: HashKeeper, ILook, Project Vic JSON/ODATA, NSRL RDS 2.x, …
  54. Creation of custom hash sets
  55. Simultaneous computation of two different types of hash values
  56. Reduction of the scope of a random analysis using the ID modulo filter and instantly available pseudo-hash values
  57. Easy back-and-forth navigation between directories over multiple steps, preserving sort criteria, filter (de)activation, and selection
  58. Gallery view showing thumbnails of pictures, videos, documents, and many other non-picture file types
  59. Calendar view, which highlights activity hotspots and is best used in conjunction with a chronological event list
  60. File preview for 270+ file formats through a fully integrated viewer component
  61. Ability to print the same file types directly from within the program, with a cover page that includes all the metadata
  62. Internal viewer for Windows Registry files (all Windows versions); powerful, automatable Registry report that also checks value slack in registry hives
  63. Viewer for Windows shortcut (.lnk) files, Windows event log (.evt, .evtx) files, Windows Prefetch files, Windows Task Scheduler (.job) files, $LogFile, $UsnJrnl, restore point change.log, $EFS LUS, INFO2, wtmp/utmp/btmp log-in records, AOL-PFC, Outlook NK2 auto-complete, MacOS X's kcpassword, the Outlook WAB address book, the Internet Explorer index, Internet Explorer travellog (also known as RecoveryStore), browser cache databases, SQLite databases for browser history and sign-on data, Chrome cookies, Chrome history, Chrome log-in data, Chrome web data, Safari cache, Firefox downloads, form history, and feeds, and the Skype main.db database for file transfers and contacts, among others
  64. Ability to gather Internet Explorer history and browser cache index.dat entries that are floating around in free space or slack space into a virtual single file
  65. Extraction of metadata and internal creation timestamps from a variety of file types, with filtering based on them, including Microsoft Office, OpenOffice, StarOffice, HTML, MDI, PDF, RTF, WRI, AOL PFC, ASF, WMV, WMA, MOV, AVI, WAV, MP4, 3GP, M4V, M4A, JPEG, BMP, THM, TIFF, GIF, PNG, GZ, ZIP, MS Access databases, and iPhone backup manifest.mbdx/.mbdb files. Keeps track of which documents have already been viewed during the investigation.
  66. Automatic cell background coloring based on user-defined conditions helps highlight important items without having to filter out all non-matching items
  67. Ability to include external files and link them to the files they correspond with, such as translations, encrypted copies of the original files, or converted versions
  68. Ability to analyze e-mail retrieved from Outlook (PST, OST), Exchange EDB, Outlook Express (DBX), AOL PFC, Mozilla (including Thunderbird), generic mailbox (mbox, Unix), MSG, and EML
  69. Can generate a powerful event list using timestamps from all supported file systems, operating systems (including event logs, registry, recycle bin, etc.), and file contents (e.g. e-mail headers, Exif timestamps, GPS timestamps, last printed timestamps, browser databases, Skype chats, calls, file transfers, account creation, …)
  70. A timeline of events can be created by sorting event timestamps chronologically. Events are represented graphically on a calendar so that users can quickly filter for certain time periods with just two mouse clicks and identify activity hotspots or periods of inactivity.
  71. Extremely thorough and accurate file type verification based on signatures and specialized algorithms
  72. Ability to define your own file types, file categories, file type rankings, and file type groups
  73. Ability to browse and tag directories, including all of their subdirectories, using the directory tree on the left
  74. Synchronization of the directory tree, file list, and sectors view
  75. Many powerful dynamic filters that take into account the true file type, hash set category, timestamps, file size, comments, report tables, contained search terms, etc.
  76. Ability to identify and filter out duplicate files
  77. Ability to copy files off an image or a disk with their complete paths, including or excluding file slack, or file slack separately, or only slack
  78. Automatic identification of encrypted MS Office and PDF documents
  79. Can extract almost any type of embedded file, including images, from any other type of file, as well as thumbnails from JPEGs and thumbcaches, .lnk shortcuts from jump lists, various data from Windows.edb, browser caches, PLists, tables from SQLite databases, miscellaneous items from OLE2 and PDF documents, …
  80. Skin tone recognition (e.g. a gallery view sorted by skin color percentage greatly accelerates a search for traces of child pornography)
  81. Detection of black-and-white or gray-scale images, which may be scanned-in documents or digitally stored faxes
  82. Detection of PDF files that require OCR
  83. Ability to use MPlayer or Forensic Framer to extract still images from video files at user-defined intervals, significantly reducing the amount of data that has to be screened for inappropriate or unlawful material
  84. Lists the contents of archives directly in the directory browser, even in a recursive view
  85. Logical search in all or only selected files/directories, following fragmented cluster chains, in compressed files and metadata, optionally decoding text in PDF, HTML, EML, …, optionally using GREP (regular expressions), optionally using the user-defined “whole words” option, and with many other features
  86. Powerful search hit lists with context previews, such as “all search hits for the search terms A, B, and D in the .doc and .ppt files below Documents and Settings last accessed in 2004 that do not contain the search term C”
  87. Search hits can be sorted by their data and context, not merely by the search terms to which they belong. Ability to filter search hits by the surrounding text using an additional term.
  88. Highly flexible indexing algorithm that supports practically any language and handles compound words well
  89. Search and index across several code pages, including Unicode
  90. Logical combination of search hits using the AND, fuzzy AND, NEAR, NOTNEAR, +, and – operators
  91. Ability to export search hits as HTML, highlighted within their context, with file information
  92. Detection and removal of host-protected areas (HPA, ATA-protected areas) and DCO (under Windows XP)
  93. Ability to decompress complete hiberfil.sys files and individual xpress chunks
  94. The X-Tensions API (programming interface) lets you add new functionality or automate existing functionality without learning a proprietary programming language, and has extremely high performance (for instance, the well-known C4All runs about 6 times faster as an X-Tension than as an EnScript)
  95. No complicated database to set up and connect to, so there is no risk, as with competing software, of never being able to open your case again
  96. Interface for PhotoDNA (law enforcement only), which can detect known images (even if saved in a different format or manipulated) and classify them as “CP,” “relevant,” or “irrelevant” …



file info
  • published date : 2022
  • version : 20.3
  • format : RAR
  • file size : 15.MB
  • password: soft360.me
Download Guide

After downloading the patch or keygen, if your antivirus detects any viruses, please disable your antivirus during the process of registration.

Patches and keygens are not viruses or Trojans. Because a patch or keygen circumvents the original registration of software, antivirus software detects it as a Trojan or virus.

Therefore, use patches or keygens posted on our website without any worries.

All our contents are trustworthy, as they all come from trusted sources.