±Forensic Focus Partners

Become an advertising partner

±Your Account


Username
Password

Forgotten password/username?

Site Members:

New Today: 0 Overall: 35650
New Yesterday: 0 Visitors: 131

±Follow Forensic Focus

Forensic Focus Facebook PageForensic Focus on TwitterForensic Focus LinkedIn GroupForensic Focus YouTube Channel

RSS feeds: News Forums Articles

±Latest Articles

±Latest Webinars

Xways Forensic

Forensic software discussion (commercial and open source/freeware). Strictly no advertising.
Reply to topicReply to topic Printer Friendly Page
Forum FAQSearchView unanswered posts
 
  

Andy
Senior Member
 

Xways Forensic

Post Posted: Apr 18, 05 20:45

Any one know how to change to in-place edit mode? I have read the PDF instructions and it mentions this function; however it is not intuitive, I just cannot see how to change from read-only to in-pace edit. I wish to edit a file in WinHex.....

Andy  
 
  

akaplan0qw9
Senior Member
 

Re: Xways Forensic

Post Posted: Apr 18, 05 21:08

Options=> Select Mode=> In-Place Edit Mode.
_________________
Alan M. Kaplan, ACE
Nevada PI License #220
AKaplan @ LasVegasPI.com 
 
  

Andy
Senior Member
 

Re: Xways Forensic

Post Posted: Apr 19, 05 08:34

Al - the Edit mode is grey'd out. I cannot change it!

Andy  
 
  

Andy
Senior Member
 

Re: Xways Forensic

Post Posted: Apr 19, 05 08:38

I think I've figured it out. The 'forensics' edition, although it has more features than WinHEX, doesn't allow any write facility. It's not all that clear in the help menu.

Andy  
 
  

akaplan0qw9
Senior Member
 

Re: Xways Forensic

Post Posted: Apr 19, 05 13:08

Stefan Fleishman the owner and author of X-Ways Forensics and WinHex installs both in the same folder and uses the Alt-TAB toggle to go back and forth. He seems to do most of his Forensic work in WinHex. As you have found, the Forensic version does its best to keep you from screwing up evidence. On the other hand it seems to be so restrictive that it can be frustrating to work with. I don't know nearly as much about it as I would like. As you have found, the documentation needs work and it is neither intuitive or user friendly. However, it is very powerful and flexible. In the seminar I attended, there were capabilities that got both Encase and FTK users to say, "Wow!" It is a very exciting program that one wants to learn. The first thing Stephan does is to generate a drive contents table. That lays open all manner of things in one place. Some are automatically flagged. Like ADS files. I'm sure I saw him look directly into a zipped file from there, but I could not repeat that. One of the strongest things is his data carving. There are over 50 file types in there by default and you can add as many more as you can identify a header for. You can use one, several, or all of these at one time and you can have it sort each file type in a different folder if you like.

Stefan is a very nice young man and will help you if you ask a software problem or issue. However, he is not an investigator, he is a software expert and thinks like one. You also have to remember that this same tool is used and sold for data recovery. That multi function capability may be putting more options on the screen than we need. Al

He makes a few associated programs, Evidore and Trace. both are very easy to use. and effective.
_________________
Alan M. Kaplan, ACE
Nevada PI License #220
AKaplan @ LasVegasPI.com 
 
  

Andy
Senior Member
 

Re: Xways Forensic

Post Posted: Apr 19, 05 14:58

Thanks Al, I do quite like the software, but you're right there isn't much in the way of documentation for it. There needs to be a really comprehensive pdf shipped with it. Also some bookmarking type facility would be good.

Andy  
 
  

liusiguang
Newbie
 

Re: Xways Forensic

Post Posted: May 17, 05 19:54

I have used WinHex (and X-ways Forensic) for several years. The evolution from a system admin tool to a forensic tool has been gradual, and always forward. I have talked with Stefan for most of this time period and found him to be most reasonable.

His software is on a par with, often exceeding, the better-known players, for pennies on the dollar, cost wise.

As for documentation...there is always room for more. There is an entire third-party market out there (___ for Dummies, The Idiot's Guide to___, etc.) because programmers don't like to do documentation. Take a good look at third-party books on M$ apps. When I get my opus maximus on Winhex finished, I will make it available....

Later,
LSG  
 

Page 1 of 1