WinHex Manual
X-Ways Software Technology AG
WinHex/X-Ways Forensics
Integrated Computer Forensics Environment.
Data Recovery & IT Security Tool.
Hexadecimal Editor for Files, Disks & RAM.
Manual
Copyright © 1995-2007 Stefan Fleischmann. All rights reserved.
Contents

1 Preface
  1.1 About WinHex and X-Ways Forensics
  1.2 Legalities
  1.3 License Types
  1.4 Differences between WinHex and X-Ways Forensics
  1.5 Getting Started with X-Ways Forensics
2 Technical Background
  2.1 Using a Hex Editor
  2.2 Endian-ness
  2.3 Integer Data Types
  2.4 Floating-Point Data Types
  2.5 Date Types
  2.6 ANSI ASCII/IBM ASCII
  2.7 Checksums
  2.8 Digests
  2.9 Technical Hints
3 Forensic Features
  3.1 Case Management
  3.2 Evidence Objects
  3.3 Log & Report Feature
  3.4 Report Tables
  3.5 Volume Snapshots
  3.6 Directory Browser
  3.7 Internal Viewer
  3.8 Registry Report
  3.9 Mode Buttons
  3.10 Simultaneous Search
  3.11 Logical Search
  3.12 Search Hit Lists
  3.13 Indexing, Index Search
  3.14 Hash Database
  3.15 Time Zone Concept
  3.16 Evidence File Containers
4 Menu Reference
  4.1 Directory Browser Context Menu
  4.2 File Menu
  4.3 Edit Menu
  4.4 Search Menu
  4.5 Position Menu
  4.6 View Menu
  4.7 Tools Menu
  4.8 File Tools
  4.9 Specialist Menu
  4.10 Options Menu
  4.11 Window Menu
  4.12 Help Menu
  4.13 Windows Context Menu
5 Some Basic Concepts
  5.1 Start Center
  5.2 Entering Characters
  5.3 Edit Modes
  5.4 Status Bar
  5.5 Scripts
  5.6 WinHex API
  5.7 Disk Editor
  5.8 RAM Editor
  5.9 Template Editing
6 Data Recovery
  6.1 File Recovery with the Directory Browser
  6.2 File Recovery by Type
  6.3 File Type Definitions
  6.4 Manual Data Recovery
7 Options
  7.1 General Options
  7.2 Directory Browser Options
  7.3 Undo Options
  7.4 Security & Safety Options
  7.5 Search Options
  7.6 Replace Options
8 Miscellaneous
  8.1 Block
  8.2 Modify Data
  8.3 Conversions
  8.4 Wiping and Initializing
  8.5 Disk Cloning
  8.6 Images and Backups
  8.7 Hints on Disk Cloning, Imaging, Image Restoration
  8.8 Backup Manager
  8.9 Assembling RAID Systems
  8.10 Position Manager
  8.11 Data Interpreter
  8.12 Useful Hints
Appendix A: Template Definition
  1 Header
  2 Body: Variable Declarations
  3 Body: Advanced Commands
  4 Body: Flexible Integer Variables
Appendix B: Script Commands
Appendix C: Disk Editor Q&A
Appendix D: Master Boot Record
Appendix E: Surplus Sectors

1 Preface

1.1 About WinHex and X-Ways Forensics

Copyright © 1995-2007 Stefan Fleischmann, X-Ways Software Technology AG. All rights reserved.

X-Ways Software Technology AG
Carl-Diem-Str. 32
32257 Bünde
Germany
Fax: +49 721-151 322 561

Web: http://www.x-ways.net
Product homepage: http://www.x-ways.net/winhex/
Ordering: http://www.x-ways.net/winhex/order.html
Support forum: http://www.winhex.net
E-mail address: mail@x-ways.com

Registered in Bad Oeynhausen (HRB 7475). CEO: Stefan Fleischmann. Board of directors (chairwoman): Dr. M. Horstmeyer.

X-Ways Software Technology AG is a stock corporation incorporated under the laws of the
Federal Republic of Germany. WinHex was first released in 1995. This manual was compiled
from the online help of WinHex/X-Ways Forensics v14.1, released May 2007. It is available in
English and German.
The following operating systems are supported: Windows 98/Me (not recommended), Windows
2000, Windows XP (recommended), Windows 2003 Server (with limitations).
Professional users around the world include...
U.S. and German federal law enforcement agencies, ministries such as the Australian Department
of Defence, U.S. national institutes (e.g. the Oak Ridge National Laboratory in Tennessee), the
Technical University of Vienna, the Technical University of Munich (Institute of Computer
Science), the German Aerospace Center, the German federal bureau of aviation accident
investigation, Microsoft Corp., Hewlett Packard, Toshiba Europe, Siemens AG, Siemens
Business Services, Siemens VDO AG, Infineon Technologies Flash GmbH & Co. KG, Ontrack
Data International Inc., Deloitte & Touche, KPMG Forensic, Ernst & Young, Ericsson, National
Semiconductor, Lockheed Martin, BAE Systems, TDK Corporation, Seoul Mobile Telecom,
Visa International, DePfa Deutsche Pfandbriefbank AG, Analytik Jena AG, and many other
companies and scientific institutes. Please visit the web site to find out how to order the full
version!
We would like to thank the state law enforcement agency of Rhineland-Palatinate, Germany for
extraordinarily numerous and essential suggestions on the development of X-Ways Forensics.
User interface translation: Chinese by Sprite Guo. French by Jérôme Broutin, revised by Bernard
Leprêtre. Spanish by José María Tagarro Martí. Italian by Fabrizio Degni, updated by Michele
Larese de Prata. Brazilian Portuguese by Heyder Lino Ferreira.