Подскажите, как изменить положение границы страницы (серая полоска через весь редактор). Сейчас певая граница отображается между 0x1bf - 0x1c0 а хочется кратную 512байт
» X-Ways WinHex
WinHex 15.8 SR-1
Цитата:
• Slight improvements in non-MAPI e-mail extraction from OST/PST archives.
• New option to exclude the e-mail header area from .eml files in Preview mode (not Raw mode). See Directory Browser Options. Useful if you would like to see more of the body of the e-mail without scrolling. You can see subject, sender, recipient and dates already in the directory browser. Attachments are listed when exploring the parent .eml file.
• Recover/Copy: Ability to embed attachments in .eml files in certain situations where that was not supported before.
• The option that allows to append the presumed correct extension to misnamed files or files without extension when copying them has been moved to the Recover/Copy dialog window. That this option had no effect under certain cirumstances in the original 15.8 version has been fixed.
• More file signature and file type definitions for Mac OS X.
• Preview mode: Ability to decrypt the Mac OS X 10.5 and 10.6 auto-login password that is stored in /private/etc/kcpassword.
• Ability open reconstruct JBODs that consist of more than 2 components. Ability to load previously reconstructed JBODs that were saved in cases as evidence objects.
• Displays the number of items in a report table in the report table filter dialog window and in the report options dialog window.
• Ability to change the order of report tables in the dialog windows for report table filter, report table associations and report options when selecting 1 report table.
• An exception error was fixed that occurred when listing search hits that resulted from a physical search.
WinHex 15.8 SR-2
Цитата:
• Recover/Copy: When embedding e-mail attachments in their respective parents, the resulting .eml files are now compatible with Thunderbird in most cases (allow to open the attachments).
• Fixed an error that occurred when exporting spanned .whx disk backup files to a single
raw image.
• Minor revisions of PDF metadata extraction. Missing separators in .lnk metadata fixed.
• Fixed an exception error that could occur when opening certain FAT volumes.
• Visual representation of restore point change log files improved. They are now parsed
for viewing and in Preview mode, not in Details mode any more.
• Fixed an error that could cancel the effect of daylight saving activation or deactivation
for certain time zone variants.
• Fixed an exception error that could occur when carving GIF files.
• Some other minor improvements.
WinHex 15.8 SR-4
Цитата:
• E-mail extraction from PST/OST: Ability to reference original attachments in .eml files
for e-mails with TNEF/winmail.dat attachment style.
• Ability to deactivate the strict drive letter protection in X-Ways Investigator. New investigator.ini option -36 prevents disabling the strict drive letter protection.
• Better representation of meeting requests extracted from Outlook PST/OST files.
• Generally slightly improved representation of e-mail in OST files.
• Some few generated .eml files were displayed without body in the viewer component and in Thunderbird (but OK for example in Outlook Express). This was improved.
• Files with miscellaneous Outlook data such as contacts appointments etc. now have the icons of virtual files.
• Ability to import automatic analysis results (e.g. from DoublePics) back into a case even
if evidence objects have been removed or added after the export.
• More detailed report when memory allocations fail.
• Memory utilization was inefficient when taking a volume snapshot of Reiser file systems
in v15.6 through v15.8 SR-2. This was fixed.
• The progress notification option could not be activated. This was fixed.
• Fixed an error that could occur when using the disk reading cache with very large media.
• Fixed "child objects of files" filter.
• Some minor improvements and fixes.
Цитата:
если быть точным, то первые восемь байт от заголовка APMDataFile
Ок, попробую.
Добавлено:
Shulc
Цитата:
Открой .apm файлик в HEX-редакторе и в самом начале его вырежи "мусор" между APMDataFile и TPF0
КАК вырезать?
Оно ж под Рид-онли
По делу не удаляется, по правой кнопке нет опций и в меню ничего нет
. КАК!
КАК включить Едит моде?
San4o_s_ran4o
F6
F6
Betauser RC
по F6 я выбирал оба вида: по-умолчанию и прямая правка - толку нет. По DEL не удаляется ничего.
Что за на?
по F6 я выбирал оба вида: по-умолчанию и прямая правка - толку нет
. По DEL не удаляется ничего. Что за на?
WinHEX15RUS - мож изза этого? Последнюю скачаю.
Вроде бы уже где-то обсуждали, что последние версии не поддерживает кириллицу. А что автор говорит? Может быть, он специально отказался от неё, из-за пиратства?
AftarJjet
Это он уже лет десять этим занимается.
Мотивация его простая - он де не знает русского языка и не может мол проверить качество перевода, а потому исключил поддержку незнакомых ему языков. Ага, свежо предание, да верится с трудом.
Там в Германии столько наших, что проверить перевод можно в любой забегаловке за кружкой пива. Просто ему лень возится, вот он и выбросил "лишний" код.
Это он уже лет десять этим занимается.
Мотивация его простая - он де не знает русского языка и не может мол проверить качество перевода, а потому исключил поддержку незнакомых ему языков. Ага, свежо предание, да верится с трудом. Там в Германии столько наших, что проверить перевод можно в любой забегаловке за кружкой пива. Просто ему лень возится, вот он и выбросил "лишний" код.Victor_VG
Нет, нет. Я про вообще про поддержку кириллицы говорю, а не про перевод.
Цитата:
Может быть, есть и последние версии, где нет подобной проблемы, но только для избранных, где-то далеко...
Нет, нет. Я про вообще про поддержку кириллицы говорю, а не про перевод.
Цитата:
X-Ways WinHex v13.0 SR 13 последняя из Eng нормально работающая с русским набором текста
Может быть, есть и последние версии, где нет подобной проблемы, но только для избранных, где-то далеко...
AftarJjet
Как я в курсе нету. Только базирующиеся на латинницу языки, и только те что есть. От остальных малый как чёрт от ладана шарахается. Ответ мне приятель показал - они этого гаврика в угол зажали таки - лицензии СЦ купил, и не дешёвые, а почему мол не работает. Полгода говворит ругались, а потом автор обмолвился что де не может перевод проверить , а халтуру мол выпускать не хочет. Да вот мне сдаётся причины тут совсем иные - злые языки говорят, что у него покойный дедушка штурмбанфюрер СС и сам он в молодости не раз был в коричневых шествиях ловлен... И как я помню его ответ лет пятнадцать тому назад, он нас не сильно жалует. Ещё бы, при таком наследстве! Вот тут я лично и склонен видеть первопричину - просто мелкая подлость, и не более того. Ну, и плюс убеждение что мы все нищие, и все святцы =- он мне тогда это очень не плохо высказал, причём на хорошо поставленной смеси английского с отборными русскими выражениями. И самое забавное, что его минуты на три без повторов хватило. Мы с ним тогда случайно по работе пересеклись. Правда он после того разговора что очень быстро ноги сделал...
Как я в курсе нету. Только базирующиеся на латинницу языки, и только те что есть. От остальных малый как чёрт от ладана шарахается. Ответ мне приятель показал - они этого гаврика в угол зажали таки - лицензии СЦ купил, и не дешёвые, а почему мол не работает. Полгода говворит ругались, а потом автор обмолвился что де не может перевод проверить , а халтуру мол выпускать не хочет. Да вот мне сдаётся причины тут совсем иные - злые языки говорят, что у него покойный дедушка штурмбанфюрер СС и сам он в молодости не раз был в коричневых шествиях ловлен... И как я помню его ответ лет пятнадцать тому назад, он нас не сильно жалует.
Ещё бы, при таком наследстве! Вот тут я лично и склонен видеть первопричину - просто мелкая подлость, и не более того. Ну, и плюс убеждение что мы все нищие, и все святцы =- он мне тогда это очень не плохо высказал, причём на хорошо поставленной смеси английского с отборными русскими выражениями. И самое забавное, что его минуты на три без повторов хватило. Мы с ним тогда случайно по работе пересеклись. Правда он после того разговора что очень быстро ноги сделал...Помогите плз че делать, я захожу через другую учётку и запускаю WinHex, а он не хочет сохранять изменения в файле, грит, ошибка #3 -- не могу создать файл C:\Users\1\Local\Temp\Winhex001. Убедитесь, что папка существует и файл не защищён от записи. (учетная запись 1 запаролена и я раньше через неё заходил, а теперь пароль сменили)
WinHex 15.9 SR-3
Цитата:
• General support for sector sizes up to 8 KB (previous maximum: 4 KB).
• Support for GPT partitioning on media with 4 KB and 8 KB sector sizes.
• Ability to deal with HFS+/HFSX volumes on media with sector sizes larger than 2 KB,
as seen in iPhones and iPads.
• Ability to auto-detect the sector size in raw images of GPT-partitioned disk with sector
sizes of 4 KB and 8 KB.
• Ability to auto-detect the sector size in most raw images of MBR-partitioned disks with
a sector size of 4 KB.
• Partial progress of volume snapshot refinements is now saved when the case auto-save
interval elapses.
• The "List 1 hit per file only" option did not work correctly in v15.9. This was fixed.
• Improved function to delete duplicate search hits. When in doubt, X-Ways Forensics will
now keep the longer search hit (as a hit for "Smithsonian" for example is more specific
than "Smith") and favors search hits in existing files.
• Accelerated time to list millions of search hits.
• The Open Disk dialog window was wrong when not working with a case. That was fixed.
• The hash set filter did not work in v15.9. That was fixed.
• Avoided an exception error that could occur under certain circumstances when running
a byte-level signature search.
• If the context preview of search hits in files in large archives is too slow, it can now be
disabled by unselecting the existing option "Gallery: Show pictures in archives".
• Some minor improvements.
Victor_VG
Цитата:
Ага. Только меня, почему-то, сомнение берёт, насчёт того, что он знает и может проверить "French, Spanish, Brazilian, Portuguese, Italian". Тоже мне, полиглот, блин.
Цитата:
Полгода говворит ругались, а потом автор обмолвился что де не может перевод проверить , а халтуру мол выпускать не хочет.
Ага. Только меня, почему-то, сомнение берёт, насчёт того, что он знает и может проверить "French, Spanish, Brazilian, Portuguese, Italian". Тоже мне, полиглот, блин.
WinHex 15.9 SR-7
[more=changelog]• Avoided an exception error that could occur when the case root window was automatically opened at start-up.
• Avoided (potentially annoying, but harmless) messages that could be displayed by Windows when working with images on write-protected drives.
• Fixed an error that could occur when loading volume snapshots with more than 6 million objects.
• Drive letters were missing in the special tables of the registry report in earlier releases of 15.9. That was fixed.
• With the new search algorithm, GREP expressions of variable length were found in v15.9 with their shortest matches instead of their longest possible matches as before. This was changed.
• Avoids an exception error that occurred in v15.9 SR-5 when trying to refine the volume snapshot without a case.
• Fixed erroneous disappearance of partitions in the case tree when removing hidden items from the volume snapshot of a physical disk.
• Avoided an exception error that could occur when starting to use the Recover/Copy functionality.
• Fixed an error that occurred with .e01 evidence files that have more than 775 segments.
• Japanese translation updated.
• Some minor improvements.
• HFS+ partition size detection on disks with Apple partition table fixed.
• Ability to deal with volumes with cluster sizes of more than 128 sectors, which seem to be not uncommon in the exFAT file system.
• Fixed an exception error that could occur in certain situations with the new v15.9 search algorithm.
• In WinHex 15.7 through 15.9 with a specialist license, the simultaneous search function was unable to run a case-insensitive search correctly. That was fixed.
• Improved handling of the internal volume snapshot files if reading or writing these files fails because of insufficient drive space or other system resources, file system errors, or other reasons.
• More complete assignment of drive letters in the "Attached Devices" section of the registry report.[/more]
при попытки форматирования акронис и ему подобные уходят в перегруз
скачал Hex посмотрел свой жесткий. если смотреть диск полностью то в начале записаны
какие-то руские буквы и запись по английски-- Invalid partition table.Error loading operating system. missing operating sy.....(Неверная таблица разделов. Ошибка при загрузке операционной системы
а если смотреть на каждый раздел C,D,F,Y
то накаждом из них написано -- A disk read error occurred ... LOADMGR is missing.... LOADMGR is compressed... press ct+alt+del to restart.(диск читать ошибка ... LOADMGR отсутствует .... LOADMGR сжат ... Пресс CT + ALT + DEL, чтобы перезагрузить.)
только LOADMGR написано на С, а на F,D,Y в место LOADMGR написано BOOTMGR
это так должно быть или нет? может из-за этого и перегруз
скачал Hex посмотрел свой жесткий. если смотреть диск полностью то в начале записаны
какие-то руские буквы и запись по английски-- Invalid partition table.Error loading operating system. missing operating sy.....(Неверная таблица разделов. Ошибка при загрузке операционной системы
а если смотреть на каждый раздел C,D,F,Y
то накаждом из них написано -- A disk read error occurred ... LOADMGR is missing.... LOADMGR is compressed... press ct+alt+del to restart.(диск читать ошибка ... LOADMGR отсутствует .... LOADMGR сжат ... Пресс CT + ALT + DEL, чтобы перезагрузить.)
только LOADMGR написано на С, а на F,D,Y в место LOADMGR написано BOOTMGR
это так должно быть или нет? может из-за этого и перегруз
Пытаюсь использовать WinHex для восстановления данных на флешке. ZIP WAV и GIF восстанавливает без проблем, а вот с JPG и 3GP неувязка:
JPG - не восстанавливает файлы, в заголовке которых имеется последовательность \xFF\xD8\xFF\xE3 После окончания сканирования (file recover by type), пишет: "835 file headers were found. 801 files were retrieved." т.е Получается что этот заголовок программа видит, но не восстанавливает. Как понять из-за чего?
3GP - обрезает файлы примерно за 180 кил до их конца.
Как определяется окончание файла? И почему для тех же ZIP и GIF все происходит без проблем. Конкуренты 3GP извлекают с точным размером.
JPG - не восстанавливает файлы, в заголовке которых имеется последовательность \xFF\xD8\xFF\xE3 После окончания сканирования (file recover by type), пишет: "835 file headers were found. 801 files were retrieved." т.е Получается что этот заголовок программа видит, но не восстанавливает. Как понять из-за чего?
3GP - обрезает файлы примерно за 180 кил до их конца.
Как определяется окончание файла? И почему для тех же ZIP и GIF все происходит без проблем. Конкуренты 3GP извлекают с точным размером.
WinHex 16.0 (Apr 26, 2011)
[more=Что нового ?]There is no performance penalty any more for selecting many or all file types for the file header signature search. File header signature searches are now considerably faster and basically limited in speed only by the medium from which the data is read.
Tools | Disk Tools | Clone Disk now allows for reverse disk cloning and reverse disk imaging (requires a specialist or forensic license). Useful if the disk to acquire has severe physical defects that for example cause a disk imaging program or the entire Windows system to freeze or crash when reaching a certain sector. In such a case you can create an image in reverse order, by reading sectors from the end of the disk backwards, and it is even possible to automatically fill an existing incomplete ordinary ("forward") image additionally backwards to get an image that is as complete as possible, with only a small zeroed gap somewhere in the middle that represents the unreadable damaged spot on the source hard disk. Yes, X-Ways Forensics is quite a sophisticated disk imaging tool not only because of its speed, and we would like to remind everyone that additional dongles just for disk imaging are available for much less than the cost of a full license.
With the additional dongles for X-Ways Forensics just for disk imaging you can now additionally use the Tools | Disk Tools | Clone Disk functionality.
Ability to interpret data in the text column as text encoded in an arbitrary code page. That is very useful for East Asian code pages, Eastern European code pages and UTF-8 if the text is found outside of files that can be nicely viewed by the viewer component, e.g. floating around in free drive space. The character set/code page for the text column can now be selected via View | Character Set. Please note that you may need to select a font in General Options that contains all characters that you intend to read, and for East Asian characters you need to have support for these kinds of languages installed in Windows. The ability to select the character set/code page for Disk/Partition/File mode is now tentatively available also in X-Ways Investigator.
Ability to view Windows Vista and Windows 7 event log files (.evtx), based on work by Andreas Schuster.
Completely revised and more robust registry hive handling. Ability to find deleted keys and values in hives that contain unused space and lost keys/values in damaged/incomplete hives. In the report, deleted values are highlighted in red. If no complete path is known for keys, they will be listed as children of a new virtual key called "Path unknown".
Analysis of free space in registry hives with the report definition file "Reg Report Free Space.txt". The free space can be as large as several MB, especially as a consequence of the use of virus scanners and registry cleaning programs.
Registry value slack has a relevant size in NTUSER.DAT hives. This fact is now exploited with 2 measures:
1) If the slack contains text strings, it will be output in the registry report (in green). This new feature can optionally be turned off the registry viewer context menu.
2) For values that contain item lists (i.e. are binary) you can use the "Reg Report Free Space.txt" definitions to output registry report will output lists of filenames with timestamps in green. The first timestamps is an access date, the second one is a creation date. If no timestamps can be output, these are artifacts from "RecentDocs".
The registry viewer now allows to recursively explore all the keys and values in a hive and sort them in a chronological order.
The search function in the registry viewer is now more thorough and robust.
Better Unicode support in the registry report for registry hives from computers in Asia.
Tray notifications artifacts from Windows 7 registry hives are now supported and decoded. The timestamps render these artifacts useful for computer forensics. Further improved support for shell bags.
Windows registry report: New data type %I (ITEM list) covers not only Shell Bag (as in previous versions), but also for example desktop shortcuts. Format adjusted for Windows Vista and 7.
Ability to customize the notation of dates, times, and numbers (see new button in Options | General). Useful to be independent of the settings of live system that you want to preview. Ability to display years with 2 digits only.
The option to display fractions of seconds in high resolution timestamps has been moved from the directory browser options to the new notation options. The option to display the time zone bias has also been moved to the notation options.
Ability to open an evidence object even if the disk or image is not currently available, via a special command in the evidence object's context menu, to see the volume snapshot. That means you can see all the file metadata stored in the volume snapshot (filename, path, file size, timestamps, attributes, etc.), can use all filters etc., but cannot see any data in sectors and cannot open/view any files.
Improved thumbnails extraction from Windows Vista's and Windows 7's thumbcache_*.db files. Ability to assign original filenames, file paths, and modification timestamps to certain thumbnails that were previously just named with a 16-digit hex number.
When switching from File mode to Partition/Volume mode, X-Ways Forensics will now automatically point you to the offset from the point of view of the partition/volume that is equivalent to the offset within the file where the cursor was positioned last, even if the file is fragmented, if there is an equivalent position (not if the file is a compressed or virtual attached file or an extracted e-mail message or an exported video still etc.).
Ability to specify the directory in which to create a case when creating a new case, for that particular case only.
Directories with search hits that are copied from a search hit list now receive a special name when they are created as files in the output folder.
Sorting by search term count column has been accelerated.
Fixed an exception error that could occur when extracting metadata from carved MP4 and ASF files.
Hash database functions internally reworked. When importing the NSRL RDS hash database, X-Ways Forensics now checks for records with the flags "s" (special) and "m" (malicious) so that these hash values are not erroneously included in the same internal hash set that should be categorized as irrelevant.
It is now possible to abort lengthy sort operations. The directory browser is now unsorted after start-up by default. This new behavior can be turned off in the directory browser options.
The grouping options now have an effect even if the directory browser is not sorted.
The report table filter has a new option that allows to additionally include siblings of the associated files, i.e. files in the same directory as the files that are part of the selected report table(s). Useful, especially when exploring recursively and sorting by path, to check whether there are any further notable files in the neighborhood.
Ability to optionally also add any known duplicates of the selected file(s) in the same evidence object to a report table (files which have been identified as duplicates based on hash values and marked as such in the Attr. column).
New investigator.ini option +38 allows to prevent imports of report table associations.
Ability to identify animated GIFs. Animated GIFs will be added to a special report table during the file type verification.
Support for two new zip subtypes: APK Android smartphone packages and KEY Apple iWork keynote presentation files..
Many minor improvements.
[/more]
Скачать
Цитата:
[more=Что нового ?]There is no performance penalty any more for selecting many or all file types for the file header signature search. File header signature searches are now considerably faster and basically limited in speed only by the medium from which the data is read.
Tools | Disk Tools | Clone Disk now allows for reverse disk cloning and reverse disk imaging (requires a specialist or forensic license). Useful if the disk to acquire has severe physical defects that for example cause a disk imaging program or the entire Windows system to freeze or crash when reaching a certain sector. In such a case you can create an image in reverse order, by reading sectors from the end of the disk backwards, and it is even possible to automatically fill an existing incomplete ordinary ("forward") image additionally backwards to get an image that is as complete as possible, with only a small zeroed gap somewhere in the middle that represents the unreadable damaged spot on the source hard disk. Yes, X-Ways Forensics is quite a sophisticated disk imaging tool not only because of its speed, and we would like to remind everyone that additional dongles just for disk imaging are available for much less than the cost of a full license.
With the additional dongles for X-Ways Forensics just for disk imaging you can now additionally use the Tools | Disk Tools | Clone Disk functionality.
Ability to interpret data in the text column as text encoded in an arbitrary code page. That is very useful for East Asian code pages, Eastern European code pages and UTF-8 if the text is found outside of files that can be nicely viewed by the viewer component, e.g. floating around in free drive space. The character set/code page for the text column can now be selected via View | Character Set. Please note that you may need to select a font in General Options that contains all characters that you intend to read, and for East Asian characters you need to have support for these kinds of languages installed in Windows. The ability to select the character set/code page for Disk/Partition/File mode is now tentatively available also in X-Ways Investigator.
Ability to view Windows Vista and Windows 7 event log files (.evtx), based on work by Andreas Schuster.
Completely revised and more robust registry hive handling. Ability to find deleted keys and values in hives that contain unused space and lost keys/values in damaged/incomplete hives. In the report, deleted values are highlighted in red. If no complete path is known for keys, they will be listed as children of a new virtual key called "Path unknown".
Analysis of free space in registry hives with the report definition file "Reg Report Free Space.txt". The free space can be as large as several MB, especially as a consequence of the use of virus scanners and registry cleaning programs.
Registry value slack has a relevant size in NTUSER.DAT hives. This fact is now exploited with 2 measures:
1) If the slack contains text strings, it will be output in the registry report (in green). This new feature can optionally be turned off the registry viewer context menu.
2) For values that contain item lists (i.e. are binary) you can use the "Reg Report Free Space.txt" definitions to output registry report will output lists of filenames with timestamps in green. The first timestamps is an access date, the second one is a creation date. If no timestamps can be output, these are artifacts from "RecentDocs".
The registry viewer now allows to recursively explore all the keys and values in a hive and sort them in a chronological order.
The search function in the registry viewer is now more thorough and robust.
Better Unicode support in the registry report for registry hives from computers in Asia.
Tray notifications artifacts from Windows 7 registry hives are now supported and decoded. The timestamps render these artifacts useful for computer forensics. Further improved support for shell bags.
Windows registry report: New data type %I (ITEM list) covers not only Shell Bag (as in previous versions), but also for example desktop shortcuts. Format adjusted for Windows Vista and 7.
Ability to customize the notation of dates, times, and numbers (see new button in Options | General). Useful to be independent of the settings of live system that you want to preview. Ability to display years with 2 digits only.
The option to display fractions of seconds in high resolution timestamps has been moved from the directory browser options to the new notation options. The option to display the time zone bias has also been moved to the notation options.
Ability to open an evidence object even if the disk or image is not currently available, via a special command in the evidence object's context menu, to see the volume snapshot. That means you can see all the file metadata stored in the volume snapshot (filename, path, file size, timestamps, attributes, etc.), can use all filters etc., but cannot see any data in sectors and cannot open/view any files.
Improved thumbnails extraction from Windows Vista's and Windows 7's thumbcache_*.db files. Ability to assign original filenames, file paths, and modification timestamps to certain thumbnails that were previously just named with a 16-digit hex number.
When switching from File mode to Partition/Volume mode, X-Ways Forensics will now automatically point you to the offset from the point of view of the partition/volume that is equivalent to the offset within the file where the cursor was positioned last, even if the file is fragmented, if there is an equivalent position (not if the file is a compressed or virtual attached file or an extracted e-mail message or an exported video still etc.).
Ability to specify the directory in which to create a case when creating a new case, for that particular case only.
Directories with search hits that are copied from a search hit list now receive a special name when they are created as files in the output folder.
Sorting by search term count column has been accelerated.
Fixed an exception error that could occur when extracting metadata from carved MP4 and ASF files.
Hash database functions internally reworked. When importing the NSRL RDS hash database, X-Ways Forensics now checks for records with the flags "s" (special) and "m" (malicious) so that these hash values are not erroneously included in the same internal hash set that should be categorized as irrelevant.
It is now possible to abort lengthy sort operations. The directory browser is now unsorted after start-up by default. This new behavior can be turned off in the directory browser options.
The grouping options now have an effect even if the directory browser is not sorted.
The report table filter has a new option that allows to additionally include siblings of the associated files, i.e. files in the same directory as the files that are part of the selected report table(s). Useful, especially when exploring recursively and sorting by path, to check whether there are any further notable files in the neighborhood.
Ability to optionally also add any known duplicates of the selected file(s) in the same evidence object to a report table (files which have been identified as duplicates based on hash values and marked as such in the Attr. column).
New investigator.ini option +38 allows to prevent imports of report table associations.
Ability to identify animated GIFs. Animated GIFs will be added to a special report table during the file type verification.
Support for two new zip subtypes: APK Android smartphone packages and KEY Apple iWork keynote presentation files..
Many minor improvements.
[/more]
Скачать
Цитата:
What to expect in v16.1?
Support for Exchange EDB e-mail databases, and more!
Сам спросил - сам отвечу. С jpg помогла строчка:
JPEG JPG;jpeg;jpe \xFF\xD8\xFF\xE3 0 \xFF\xD9
т.е. дело было в отсутствии footer-а.
А вот с 3gp - никак. Или огромные файлы или обрезки.
WinHex в принципе может восстанавливать файл, определяя начало по заголовку, а конец считать по кластеру со следующим заголовком? А то "размер по умолчанию" - просто глупость.
JPEG JPG;jpeg;jpe \xFF\xD8\xFF\xE3 0 \xFF\xD9
т.е. дело было в отсутствии footer-а.
А вот с 3gp - никак. Или огромные файлы или обрезки.
WinHex в принципе может восстанавливать файл, определяя начало по заголовку, а конец считать по кластеру со следующим заголовком? А то "размер по умолчанию" - просто глупость.
Спросил автора о планах поддержки юникодовых клавиатур - он сказал "Нет, не есть так."
WinHex 16.0 SR-3
Цитата:
http://www.x-ways.net/winhex.zip
Цитата:
* Filenames are now maintained whenever possible when copying files off the evidence objects for inclusion in the case report.
* Larger Windows system fonts now have an effect also on the directory browser.
* WinHex and X-Ways Forensics never supported recognition of date order if the date format was specified in Windows with only single-digit days or months (e.g. d.m.yyyy or m/d/yy). That was fixed.
* Script command "Find" can now run a case-insensitive search even if the search terms is a variable.
* Some minor improvements.
http://www.x-ways.net/winhex.zip
Не знаю где правильнее запостить. Отписался тут и в ветке варезника.
Русификатор WinHex 16.0 SR-3 от Localiz2
Русификатор WinHex 16.0 SR-3 от Localiz2
WinHex 16.0 SR-5
Цитата:
http://www.x-ways.net/winhex.zip
Цитата:
* File header signature searches in v16.0 did not find file types whose signatures were defined at relative offsets larger than 0. That was fixed.
* Unicode support in registry hives further completed, now also covers usernames and the Owner column in the directory browser.
* Support for Windows Image Acquisition folder MRU in registry report.
* The option to not overwrite an already existing index when starting to index again did not work. That was fixed.
* Some minor improvements.
http://www.x-ways.net/winhex.zip
WinHex 16.0 SR-6
Цитата:
http://www.x-ways.net/winhex.zip
Цитата:
* Memory leak in file header signature search of v16.0 fixed.
* Some minor improvements in registry hive processing.
http://www.x-ways.net/winhex.zip
Tim72 (11:55 23-05-2011)
Цитата:
Цитата:
с офсайта скачивается SR-5 от 2011-05-18 откатили, что ли, из-за ошибок?Я уж было подумал, что это только у меня такой глюк.
Страницы: 123456789101112131415161718192021222324252627
Предыдущая тема: Как грузануть RedHat при NTLoader в MBR?
Форум Ru-Board.club — поднят 15-09-2016 числа. Цель - сохранить наследие старого Ru-Board, истории становления российского интернета. Сделано для людей.