±Forensic Focus Partners

Become an advertising partner

±Your Account


Username
Password

Forgotten password/username?

Site Members:

New Today: 0 Overall: 36296
New Yesterday: 0 Visitors: 180

±Follow Forensic Focus

Forensic Focus Facebook PageForensic Focus on TwitterForensic Focus LinkedIn GroupForensic Focus YouTube Channel

RSS feeds: News Forums Articles

±Latest Articles

±Latest Videos

±Latest Jobs

Winhex Forensics

Forensic software discussion (commercial and open source/freeware). Strictly no advertising.
Reply to topicReply to topic Printer Friendly Page
Forum FAQSearchView unanswered posts
 
  

andy1500mac
Senior Member
 

Winhex Forensics

Post Posted: Nov 17, 05 18:16

Hi All,

I am aware that a few out there use Winhex Forensic edition and was wondering about its real world functionality acquiring and examining systems that don’t need to be shutdown.

I have copied the program files to CD and run off a live system in order to acquire an image as well as conduct cursory searches (all in a testing environment). Before running you have to point the applications default “save” location for (temp files, recovered files and image file) to removable media. It seems to work well….is anyone actually using Winhex in this manner?

Thanks,

Andrew-  
 
  

arashiryu
Senior Member
 

Re: Winhex Forensics

Post Posted: Nov 17, 05 19:13

WinHex has come in handy for me more than a few times. The most used features on a live system for me have been :

* Open RAM
* Clipboard Data
* Gather Free Space
* Gather Slack Space
* Gather Text

Since It opens in Read Only mode I am comfortable with running it on a live system.

I do struggle with its file recovery feature. Lot of duplicates/false positives. Maybe I am not using it right and blaming the tool. I haven't played with file recovery much.  
 

Page 1 of 1