
X-Ways Forensics 20.0 SR-7 Multilingual (x86/x64) + Portable



X-Ways Forensics 20.0 SR-7 Multilingual (x86 / x64) + Portable | 11.3 MB
Languages: English, 中文, Deutsch, Español, Français, Italiano, 日本語, Polski, Português, Русский



X-Ways Forensics is an advanced work environment for computer forensic examiners and our flagship product. Runs under Windows XP/2003/Vista/2008/7/8/8.1/10/2012/2016, 32 Bit/64 Bit, standard/PE/FE. Compared to its competitors, X-Ways Forensics is more efficient to use after a while, by far not as resource-hungry, often runs much faster, finds deleted files and search hits that the competitors will miss, offers many features that the others lack, does not have any ridiculous hardware requirements, does not depend on setting up a complex database, etc.!
Features
- Disk cloning and imaging
- Ability to read partitioning and file system structures inside raw (.dd) image files, ISO, VHD, VHDX, VDI, and VMDK images
- Complete access to disks, RAIDs, and images more than 2 TB in size (more than 2^32 sectors) with sector sizes up to 8 KB
- Built-in interpretation of JBOD, RAID 0, RAID 5, RAID 5EE, and RAID 6 systems, Linux software RAIDs, Windows dynamic disks, and LVM2
- Automatic identification of lost/deleted partitions
- Native support for FAT12, FAT16, FAT32, exFAT, TFAT, NTFS, Ext2, Ext3, Ext4, Next3®, CDFS/ISO9660/Joliet, UDF
- Superimposition of sectors, e.g. with corrected partition tables or file system data structures to parse file systems completely despite data corruption, without altering the original disk or image
- Access to logical memory of running processes
- Various data recovery techniques, lightning fast and powerful file carving
- Well maintained file header signature database based on GREP notation
- Data interpreter, knowing 20 variable types
- Viewing and editing binary data structures using templates
- Hard disk cleansing to produce forensically sterile media
- Gathering slack space, free space, inter-partition space, and generic text from drives and images
- File and directory catalog creation for all computer media
- Easy detection of and access to NTFS alternate data streams (ADS)
- Mass hash calculation for files (Adler32, CRC32, MD4, ed2k, MD5, SHA-1, SHA-256, RipeMD-128, RipeMD-160, Tiger-128, Tiger-160, Tiger-192, TigerTree, ...)
- Lightning fast powerful physical and logical search capabilities for many search terms at the same time
- Recursive view of all existing and deleted files in all subdirectories
- Automatic coloring for the structure of FILE records in NTFS
- Bookmarks/annotations
- Runs under Windows FE, the forensically sound bootable Windows environment, e.g. for triage/preview, with limitations
- Support for high DPI settings in Windows
- Ability to analyze remote computers in conjunction with F-Response
- Support for the filesystems HFS, HFS+/HFSJ/HFSX, ReiserFS, Reiser4, XFS, many variants of UFS1 and UFS2, APFS
- Superior, fast disk imaging with intelligent compression options
- Ability to read and write .e01 evidence files (a.k.a. EnCase images), optionally with real encryption (256-bit AES, i.e. not mere "password protection")
- Ability to create skeleton images, cleansed images, and snippet images
- Ability to copy relevant files to evidence file containers, where they retain almost all their original file system metadata, as a means to selectively acquire data in the first place or to exchange selected files with investigators, prosecution, lawyers, etc.
- Complete case management
- Ability to tag files and add notable files to the case report. Ability to enter comments about files for inclusion in the report or for filtering.
- Support for multiple examiners in cases, where X-Ways Forensics distinguishes between different users based on their Windows accounts. Users may work with the same case at different times or at the same time and keep their results (search hits, comments, report table associations, tagmarks, viewed files, excluded files, attached files) separate, or share them if desired.
- Case reports can be imported and further processed by any other application that understands HTML, such as MS Word
- CSS (cascading style sheets) supported for case report format definitions
- Automated activity logging (audit logs)
- Write protection to ensure data authenticity
- Keeps you posted about the progress of automatic processing via a drive on the same network or via e-mail while you are not at your workplace
- Remote analysis capability for drives in network can be added optionally
- Ability to include files from all volume shadow copies in the analysis (but exclude duplicates), filter for such files, find the snapshot properties, etc.
- Often finds many more traces of deleted files than competing programs, thanks to superior analysis of file system data structures, including $LogFile in NTFS, .journal in Ext3/Ext4
- The basis for a listed file is practically just a mouse click away. Easily navigate to the file system data structure where it is defined, e.g. FILE record, index record, $LogFile, volume shadow copy, FAT directory entry, Ext* inode, containing file if embedded etc.
- Supported partitioning types: MBR, GPT (GUID partitioning), Apple, Windows dynamic disks (both MBR and GPT style), LVM2 (both MBR and GPT style), and unpartitioned (Superfloppy)
- Very powerful main memory analysis for local RAM or memory dumps of Microsoft Windows
- Sector superimposition to virtually fix corrupt data on disks or in images and enable further analysis steps without altering the disk sectors/images
- Shows owners of files, NTFS file permissions, object IDs/GUIDs, special attributes
- Output of all internal file system timestamps (even 0x30 timestamps in NTFS, added dates in HFS+)
- Special identification of suspicious extended attributes ($EA) in NTFS, as used for example by Regin
- Compensation for NTFS compression effects and Ext2/Ext3 block allocation logic in file carving
- Carving of files also within other files
- Lightning-fast matching of files against the up to 2 internal file hash databases
- Matching sector contents against a block hash database, to identify incomplete fragments of highly relevant known files
- FuzZyDoc hashing to identify known textual contents (e.g. classified documents, invoices, stolen intellectual property, e-mails) even if stored in a different file format, re-formatted, edited, ...
- PhotoDNA hashing to identify known photos (e.g. child pornography) even if stored in a different file format, resized, color-adjusted, contrast-adjusted, blurred, sharpened, partially pixelated, edited, mirrored (law enforcement only)
- Ability to import hash sets in these formats: Project Vic JSON/ODATA, NSRL RDS 2.x, HashKeeper, ILook, ...
- Create your own hash sets
- Computation of two hash values of different types at the same time
- Random analysis scope reduction using ID modulo filter and immediately available pseudo-hash values
- Convenient back & forward navigation from one directory to another, multiple steps, restoring sort criteria, filter (de)activation, selection
- Gallery view, showing thumbnails of pictures, videos, even documents and many other non-picture file types
- Calendar view, showing hotspots of activity, ideal to combine with the chronological event list
- File preview, seamlessly integrated viewer component for 270+ file types
- Ability to print the same file types directly from within the program with all metadata on a cover page
- Internal viewer for Windows Registry files (all Windows versions); automated and configurable powerful Registry report that also checks value slack in registry hives
- Viewer for Windows event log files (.evt, .evtx), Windows shortcut (.lnk) files, Windows Prefetch files, $LogFile, $UsnJrnl, restore point change.log, Windows Task Scheduler (.job), $EFS LUS, INFO2, wtmp/utmp/btmp log-in records, MacOS X kcpassword, AOL-PFC, Outlook NK2 auto-complete, Outlook WAB address book, Internet Explorer travellog (a.k.a. RecoveryStore), Internet Explorer index.dat history and browser cache databases, SQLite databases such as Firefox history, Firefox downloads, Firefox form history, Firefox sign-ons, Chrome cookies, Chrome archived history, Chrome history, Chrome log-in data, Chrome web data, Safari cache, Safari feeds, Skype's main.db database with contacts and file transfers, ...
- Ability to collect Internet Explorer history and browser cache index.dat records that are floating around in free space or slack space in a virtual single file
- Extracts metadata and internal creation timestamps from various file types and allows filtering by them, e.g. MS Office, OpenOffice, StarOffice, HTML, MDI, PDF, RTF, WRI, AOL PFC, ASF, WMV, WMA, MOV, AVI, WAV, MP4, 3GP, M4V, M4A, JPEG, BMP, THM, TIFF, GIF, PNG, GZ, ZIP, PF, IE cookies, DMP memory dumps, hiberfil.sys, PNF, SHD & SPL printer spool, tracking.log, .mdb MS Access database, manifest.mbdx/.mbdb iPhone backup, ...
- Keeps track of which files were already viewed during the investigation
- Automatic cell background coloring based on user-defined conditions helps to draw your attention to items of interest without having to filter out all non-matching items
- Include external files, e.g. translations or decrypted or converted versions of original files, and connect them to the files they belong with
- Ability to examine e-mail extracted from Outlook (PST, OST), Exchange EDB, Outlook Express (DBX), AOL PFC, Mozilla (including Thunderbird), generic mailbox (mbox, Unix), MSG, EML
- Can produce a powerful event list based on timestamps found in all supported file systems, in operating systems (including event logs, registry, recycle bin, ...), and file contents (e.g. e-mail headers, Exif timestamps, GPS timestamps, last printed timestamps; browser databases, Skype chats, calls, file transfers, account creation...)
- Event timestamps can be sorted chronologically to get a timeline of events. They are represented graphically in a calendar to easily see hotspots of activity or periods of inactivity or to quickly filter for certain time periods with 2 mouse clicks.
- Extremely extensive and precise file type verification based on signatures and specialized algorithms
- Allows you to define your own file header signatures, file types, type categories, file type ranks, and file type groups
- Directory tree on the left, ability to explore and tag directories including all their subdirectories
- Synchronizing the sectors view with the file list and directory tree
- MANY powerful dynamic filters based on true file type, hash set category, timestamps, file size, comments, report tables, contained search terms, ...
- Ability to identify and filter out duplicate files
- Ability to copy files off an image or a drive including their full path, including or excluding file slack, or file slack separately or only slack
- Automatic identification of encrypted MS Office and PDF documents
- Can extract almost any kind of embedded files (including pictures) from any other kind of files, thumbnails from JPEGs and thumbcaches, .lnk shortcuts from jump lists, various data from Windows.edb, browser caches, PLists, tables from SQLite databases, miscellaneous elements from OLE2 and PDF documents, ...
- Skin color detection (e.g. a gallery view sorted by skin color percentage greatly accelerates a search for traces of child pornography)
- Detection of black & white or gray-scale pictures, which could be scanned-in documents or digitally stored faxes
- Detection of PDF documents that should be OCR'ed
- Ability to extract still pictures from video files in user-defined intervals, using MPlayer or Forensic Framer, to drastically reduce the amount of data when having to check for inappropriate or illegal content
- Lists the contents of archives directly in the directory browser, even in a recursive view
- Logical search, in all or selected files/directories only, following fragmented cluster chains, in compressed files, metadata, optionally decoding text in PDF, HTML, EML, ..., optionally using GREP (regular expressions), user-defined "whole words" option, and much more
- Powerful search hit listings with context preview, e.g. like "all search hits for the search terms A, B, and D in .doc and .ppt files below \Documents and Settings with last access date in 2004 that do not contain search term C"
- Option to sort search hits by their data and context instead of just by the search terms to which they belong. Ability to filter search hits by the textual context around them using an additional keyword.
- Highly flexible indexing algorithm, supporting solid compound words and virtually any language
- Search and index in both Unicode and various code pages
- Logically combine search hits with an AND, fuzzy AND, NEAR, NOTNEAR, + and - operators
- Ability to export search hits as HTML, highlighted within their context, with file metadata
- Detection and removal of host-protected areas (HPA, ATA-protected areas), and DCO
- Ability to decompress entire hiberfil.sys files and individual xpress chunks
- X-Tensions API (programming interface) to add your own functionality or automate existing functionality with very high performance (for example the popular C4All as an X-Tension runs about 6 times faster than as an EnScript), does not require you to learn a proprietary programming language
- No complicated database to set up and connect to, with the risk of never being able to open your case again like in competing software
- Interface for PhotoDNA, which can recognize known pictures (even if stored in a different format or altered) and can return the classification ("CP", "relevant", "irrelevant") to X-Ways Forensics

