May 21, 2021 X-Ways Forensics (xwforensics.exe). X-Ways Forensics is an advanced work environment for computer forensic examiners. It facilitates disk cloning and imaging, reading of partitioning and file system structures inside raw image files, and recovery of deleted files. This tool has native support for FAT, exFAT, NTFS, and optical disk file systems. December 19, 2020. By: Dipayan Mondal.
X-Ways Forensics is an advanced work environment for computer forensic examiners and our flagship product. Runs under Windows XP/2003/Vista/2008/7/8/8.1/2012/10/2016*, 32 Bit/64 Bit, standard/PE/FE. Compared to its competitors, X-Ways Forensics is more efficient to use after a while, by far not as resource-hungry, often runs much faster, finds deleted files and search hits that the competitors will miss, offers many features that the others lack, as a German product is potentially more trustworthy, comes at a fraction of the cost, does not have any ridiculous hardware requirements, does not depend on setting up a complex database, etc.! X-Ways Forensics is fully portable and runs off a USB stick on any given Windows system without installation if you want. Downloads and installs within seconds (just a few MB in size, not GB). X-Ways Forensics is based on the WinHex hex and disk editor and part of an efficient workflow model where computer forensic examiners share data and collaborate with investigators that use X-Ways Investigator.
Evaluation version not publicly available, only on request to law enforcement, government agencies and certain corporations. Please provide us with your full official address and contact details.
X-Ways Forensics comprises all the general and specialist features known from WinHex, such as...
- Disk cloning and imaging
- Ability to read partitioning and file system structures inside raw (.dd) image files, ISO, VHD, VHDX, VDI, and VMDK images
- Complete access to disks, RAIDs, and images more than 2 TB in size (more than 2^32 sectors) with sector sizes up to 8 KB
- Built-in interpretation of JBOD, RAID 0, RAID 5, RAID 5EE, and RAID 6 systems, Linux software RAIDs, Windows dynamic disks, and LVM2
- Automatic identification of lost/deleted partitions
- Native support for FAT12, FAT16, FAT32, exFAT, TFAT, NTFS, Ext2, Ext3, Ext4, Next3®, CDFS/ISO9660/Joliet, UDF
- Superimposition of sectors, e.g. with corrected partition tables or file system data structures to parse file systems completely despite data corruption, without altering the original disk or image
- Access to logical memory of running processes
- Various data recovery techniques, lightning fast and powerful file carving
- Well maintained file header signature database based on GREP notation
- Data interpreter, knowing 20 variable types
- Viewing and editing binary data structures using templates
- Hard disk cleansing to produce forensically sterile media
- Gathering slack space, free space, inter-partition space, and generic text from drives and images
- File and directory catalog creation for all computer media
- Easy detection of and access to NTFS alternate data streams (ADS)
- Mass hash calculation for files (Adler32, CRC32, MD4, ed2k, MD5, SHA-1, SHA-256, RipeMD-128, RipeMD-160, Tiger-128, Tiger-160, Tiger-192, TigerTree, ...)
- Lightning fast powerful physical and logical search capabilities for many search terms at the same time
- Recursive view of all existing and deleted files in all subdirectories
- Automatic coloring for the structure of FILE records in NTFS
- Bookmarks/annotations
- Runs under Windows FE, the forensically sound bootable Windows environment, e.g. for triage/preview, with limitations
- Support for high DPI settings in Windows
- Ability to analyze remote computers in conjunction with F-Response
- ...
- Support for the filesystems HFS, HFS+/HFSJ/HFSX, XFS, Btrfs, ReiserFS, Reiser4, many variants of UFS1 and UFS2, APFS
- Superior, fast disk imaging with intelligent compression options
- Ability to read and write .e01 evidence files (a.k.a. EnCase images), optionally with real encryption (256-bit AES, i.e. not mere “password protection”)
- Ability to create skeleton images, cleansed images, and snippet images (details)
- Ability to copy relevant files to evidence file containers, where they retain almost all their original file system metadata, as a means to selectively acquire data in the first place or to exchange selected files with investigators, prosecution, lawyers, etc.
- Complete case management.
- Ability to tag files and add notable files to the case report. Ability to enter comments about files for inclusion in the report or for filtering.
- Support for multiple examiners in cases, where X-Ways Forensics distinguishes between different users based on their Windows accounts. Users may work with the same case at different times or at the same time and keep their results (search hits, comments, report table associations, tagmarks, viewed files, excluded files, attached files) separate, or share them if desired.
- Case reports can be imported and further processed by any other application that understands HTML, such as MS Word
- CSS (cascading style sheets) supported for case report format definitions
- Automated activity logging (audit logs)
- Write protection to ensure data authenticity
- Keeps you posted about the progress of automatic processing via a drive on the same network or via e-mail while you are not at your workplace
- Remote analysis capability for drives in network can be added optionally (details)
- Ability to include files from all volume shadow copies in the analysis (but exclude duplicates), filter for such files, find the snapshot properties, etc.
- Often finds many more traces of deleting files than competing programs, thanks to superior analysis of file system data structures, including $LogFile in NTFS, .journal in Ext3/Ext4
- The basis for a listed file is practically just a mouse click away. Easily navigate to the file system data structure where it is defined, e.g. FILE record, index record, $LogFile, volume shadow copy, FAT directory entry, Ext* inode, containing file if embedded etc.
- Supported partitioning types: MBR, GPT (GUID partitioning), Apple, Windows dynamic disks (both MBR and GPT style), LVM2 (both MBR and GPT style), and unpartitioned (Superfloppy)
- Very powerful main memory analysis for local RAM or memory dumps of Windows 2000, XP, Vista, 2003 Server, 2008 Server, Windows 7
- Sector superimposition to virtually fix corrupt data on disks or in images and enable further analysis steps without altering the disks sectors/images
- Shows owners of files, NTFS file permissions, object IDs/GUIDs, special attributes
- Output of all internal file system timestamps (even 0x30 timestamps in NTFS, added dates in HFS+)
- Special identification of suspicious extended attributes ($EA) in NTFS, as used for example by Regin
- Compensation for NTFS compression effects and Ext2/Ext3 block allocation logic in file carving
- Carving of files also within other files
- Lightning-fast matching of files against the up to 2 internal file hash databases
- Matching sector contents against a block hash database, to identify incomplete fragments of highly relevant known files
- FuzZyDoc™ hashing to identify known textual contents (e.g. classified documents, invoices, stolen intellectual property, e-mails) even if stored in a different file format, re-formatted, edited, ...
- PhotoDNA hashing to identify known photos (e.g. child pornography) even if stored in a different file format, resized, color-adjusted, contrast-adjusted, blurred, sharpened, partially pixelated, edited, mirrored (law enforcement only)
- Ability to import hash sets in these formats: Project Vic JSON/ODATA, NSRL RDS 2.x, HashKeeper, ILook, ...
- Create your own hash sets
- Computation of two hash values of different types at the same time
- Random analysis scope reduction using ID modulo filter and immediately available pseudo-hash values
- Convenient back & forward navigation from one directory to another, multiple steps, restoring sort criteria, filter (de)activation, selection
- Gallery view, showing thumbnails of pictures, videos, even documents and many other non-picture file types
- Calendar view, showing hotspots of activity, ideal to combine with the chronological event list
- File preview, seamlessly integrated viewer component for 270+ file types
- Ability to print the same file types directly from within the program with all metadata on a cover page
- Internal viewer for Windows Registry files (all Windows versions); automated and configurable powerful Registry report that also checks value slack in registry hives
- Viewer for Windows event log files (.evt, .evtx), Windows shortcut (.lnk) files, Windows Prefetch files, $LogFile, $UsnJrnl, restore point change.log, Windows Task Scheduler (.job), $EFS LUS, INFO2, wtmp/utmp/btmp log-in records, MacOS X kcpassword, AOL-PFC, Outlook NK2 auto-complete, Outlook WAB address book, Internet Explorer travellog (a.k.a. RecoveryStore), Internet Explorer index.dat history and browser cache databases, SQLite databases such as Firefox history, Firefox downloads, Firefox form history, Firefox sign-ons, Chrome cookies, Chrome archived history, Chrome history, Chrome log-in data, Chrome web data, Safari cache, Safari feeds, Skype's main.db database with contacts and file transfers, ...
- Ability to collect Internet Explorer history and browser cache index.dat records that are floating around in free space or slack space in a virtual single file
- Extracts metadata and internal creation timestamps from various file types and allows to filter by that, e.g. MS Office, OpenOffice, StarOffice, HTML, MDI, PDF, RTF, WRI, AOL PFC, ASF, WMV, WMA, MOV, AVI, WAV, MP4, 3GP, M4V, M4A, JPEG, BMP, THM, TIFF, GIF, PNG, GZ, ZIP, PF, IE cookies, DMP memory dumps, hiberfil.sys, PNF, SHD & SPL printer spool, tracking.log, .mdb MS Access database, manifest.mbdx/.mbdb iPhone backup, ...
- Keeps track of which files were already viewed during the investigation
- Automatic cell background coloring based on user-defined conditions helps to draw your attention to items of interest without having to filter out all non-matching items.
- Include external files, e.g. translations or decrypted or converted versions of original files, and connect them to the files they belong with
- Ability to examine e-mail extracted from Outlook (PST, OST), Exchange EDB, Outlook Express (DBX), AOL PFC, Mozilla (including Thunderbird), generic mailbox (mbox, Unix), MSG, EML
- Can produce a powerful event list based on timestamps found in all supported file systems, in operating systems (including event logs, registry, recycle bin, ...), and file contents (e.g. e-mail headers, Exif timestamps, GPS timestamps, last printed timestamps; browser databases, Skype chats, calls, file transfers, account creation...).
- Event timestamps can be sorted chronologically to get a timeline of events. They are represented graphically in a calendar to easily see hotspots of activity or periods of inactivity or to quickly filter for certain time periods with 2 mouse clicks.
- Extremely extensive and precise file type verification based on signatures and specialized algorithms
- Allows you to define your own file header signatures, file types, type categories, file type ranks, and file type groups
- Directory tree on the left, ability to explore and tag directories including all their subdirectories
- Synchronizing the sectors view with the file list and directory tree
- MANY powerful dynamic filters based on true file type, hash set category, timestamps, file size, comments, report tables, contained search terms, ...
- Ability to identify and filter out duplicate files
- Ability to copy files off an image or a drive including their full path, including or excluding file slack, or file slack separately or only slack
- Automatic identification of encrypted MS Office and PDF documents
- Can extract almost any kind of embedded files (including pictures) from any other kind of files, thumbnails from JPEGs and thumbcaches, .lnk shortcuts from jump lists, various data from Windows.edb, browser caches, PLists, tables from SQLite databases, miscellaneous elements from OLE2 and PDF documents, ...
- Skin color detection (e.g. a gallery view sorted by skin color percentage greatly accelerates a search for traces of child pornography)
- Detection of black & white or gray-scale pictures, which could be scanned-in documents or digitally stored faxes
- Detection of PDF documents that should be OCR'ed
- Ability to extract still pictures from video files in user-defined intervals, using MPlayer or Forensic Framer, to drastically reduce the amount of data when having to check for inappropriate or illegal content
- Lists the contents of archives directly in the directory browser, even in a recursive view
- Logical search, in all or selected files/directories only, following fragmented cluster chains, in compressed files, metadata, optionally decoding text in PDF, HTML, EML, ..., optionally using GREP (regular expressions), user-defined 'whole words' option, and much more
- Powerful search hit listings with context preview, e.g. like “all search hits for the search terms A, B, and D in .doc and .ppt files below Documents and Settings with last access date in 2004 that do not contain search term C”
- Option to sort search hits by their data and context instead of just by the search terms to which they belong. Ability to filter search hits by the textual context around them using an additional keyword.
- Highly flexible indexing algorithm, supporting solid compound words and virtually any language
- Search and index in both Unicode and various code pages
- Logically combine search hits with an AND, fuzzy AND, NEAR, NOTNEAR, + and - operators
- Ability to export search hits as HTML, highlighted within their context, with file metadata
- Detection and removal of host-protected areas (HPA, ATA-protected areas), and DCO (under Windows XP)
- Ability to decompress entire hiberfil.sys files and individual xpress chunks
- X-Tensions API (programming interface) to add your own functionality or automate existing functionality with very high performance (for example the popular C4All as an X-Tension runs about 6 times faster than as an EnScript), does not require you to learn a proprietary programming language
- No complicated database to set up and connect to, with the risk of never being able to open your case again like in competing software
- Interface for PhotoDNA (only for law enforcement), which can recognize known pictures (even if stored in a different format or altered) and can return the classification (“CP”, “relevant”, “irrelevant”) to X-Ways Forensics
- ...
It is impossible to list all the features and options here. The above list is notoriously incomplete, last updated on May 23, 2015. New features were announced in the newsletter (archive). X-Ways Forensics is protected with a local dongle or network dongle or via BYOD. Reduced and simplified user interface available for investigators that are not forensic computing specialists, at half the price: X-Ways Investigator
Owners of licenses for X-Ways Forensics can achieve Gold status.
*Limitations under Windows Vista and later: Physical RAM cannot be opened. Unable to write sectors on the partitions that contain Windows and WinHex.
Digital forensics is a process of preservation, identification, extraction, and documentation of computer evidence which can be used by the court of law. There are many tools that help you to make this process simple and easy. These applications provide complete reports that can be used for legal procedures.
Following is a handpicked list of Digital Forensic Toolkits, with their popular features and website links. The list contains both open source (free) and commercial (paid) software.
Best Computer Forensics Tools
Name | Platform | Link |
---|---|---|
ProDiscover Forensic | Windows, Mac, and Linux | https://www.prodiscover.com |
Sleuth Kit (+Autopsy) | Windows | https://www.sleuthkit.org |
CAINE | Windows, Mac, and Linux | https://www.caine-live.net |
1) ProDiscover Forensic
ProDiscover Forensic is a computer security app that allows you to locate all the data on a computer disk. It can protect evidence and create quality reports for the use of legal procedures. This tool allows you to extract EXIF (Exchangeable Image File Format) information from JPEG files.
Features:
- This product supports Windows, Mac, and Linux file systems.
- You can preview and search for suspicious files quickly.
- This Digital forensics software creates a copy of the entire suspected disk to keep the original evidence safe.
- This tool helps you to see internet history.
- You can import or export .dd format images.
- It enables you to add comments to evidence of your interest.
- ProDiscover Forensic supports VMware to run a captured image.
Link: https://www.prodiscover.com
2) Sleuth Kit (+Autopsy)
Sleuth Kit (+Autopsy) is a Windows based utility tool that makes forensic analysis of computer systems easier. This tool allows you to examine your hard drive and smartphone.
Features:
- You can identify activity using a graphical interface effectively.
- This application provides analysis for emails.
- You can group files by their type to find all documents or images.
- It displays a thumbnail of images to quickly view pictures.
- You can tag files with arbitrary tag names.
- The Sleuth Kit enables you to extract data from call logs, SMS, contacts, etc.
- It helps you to flag files and folders based on path and name.
Link: https://www.sleuthkit.org
3) CAINE
CAINE is an Ubuntu-based app that offers a complete forensic environment that provides a graphical interface. This tool can be integrated into existing software tools as a module. It automatically extracts a timeline from RAM.
Features:
- It supports the digital investigator during the four phases of the digital investigation.
- It offers a user-friendly interface.
- You can customize features of CAINE.
- This software offers numerous user-friendly tools.
Link: https://www.caine-live.net
4) PALADIN
PALADIN is an Ubuntu-based tool that enables you to simplify a range of forensic tasks. This Digital forensics software provides more than 100 useful tools for investigating any malicious material. This tool helps you to simplify your forensic task quickly and effectively.
Features:
- It provides both 64-bit and 32-bit versions.
- This tool is available on a USB thumb drive.
- This toolbox has open-source tools that help you to search for the required information effortlessly.
- This tool has more than 33 categories that assist you in accomplishing a cyber forensic task.
Link: https://sumuri.com/software/paladin/
5) EnCase
EnCase is an application that helps you to recover evidence from hard drives. It allows you to conduct an in-depth analysis of files to collect proof like documents, pictures, etc.
Features:
- You can acquire data from numerous devices, including mobile phones, tablets, etc.
- It is one of the best mobile forensic tools that enables you to produce complete reports for maintaining evidence integrity.
- You can quickly search, identify, as well as prioritize evidence.
- EnCase Forensic helps you to unlock encrypted evidence.
- It is one of the best digital forensics tools that automates the preparation of evidence.
- You can perform deep and triage (severity and priority of defects) analysis.
Link: https://www.guidancesoftware.com/encase-forensic
6) SANS SIFT
SANS SIFT is a computer forensics distribution based on Ubuntu. It is one of the best computer forensic tools that provides a digital forensic and incident response examination facility.
Features:
- It can work on a 64-bit operating system.
- This tool helps users to utilize memory in a better way.
- It automatically updates the DFIR (Digital Forensics and Incident Response) package.
- You can install it via SIFT-CLI (Command-Line Interface) installer.
- This tool contains numerous latest forensic tools and techniques.
Link: https://digital-forensics.sans.org/community/downloads/
7) FTK Imager
FTK Imager is a forensic toolkit developed by AccessData that can be used to get evidence. It can create copies of data without making changes to the original evidence. This tool allows you to specify criteria, like file size, pixel size, and data type, to reduce the amount of irrelevant data.
Features:
- It provides a wizard-driven approach to detect cybercrime.
- This program offers better visualization of data using a chart.
- You can recover passwords from more than 100 applications.
- It has an advanced and automated data analysis facility.
- FTK Imager helps you to manage reusable profiles for different investigation requirements.
- It supports pre and post-processing refinement.
Link: https://accessdata.com/products-services/forensic-toolkit-ftk
8) Magnet RAM capture
Magnet RAM capture records the memory of a suspected computer. It allows investigators to recover and analyze valuable items which are found in memory.
Features:
- You can run this app while minimizing overwritten data in memory.
- It enables you to export captured memory data and upload it into analysis tools like Magnet AXIOM and Magnet IEF.
- This app supports a vast range of Windows operating systems.
- Magnet RAM capture supports RAM acquisition.
Link: https://www.magnetforensics.com/resources/magnet-ram-capture/
9) X-Ways Forensics
X-Ways is software that provides a work environment for computer forensic examiners. This program supports disk cloning and imaging. It enables you to collaborate with other people who have this tool.
Features:
- It has the ability to read partitioning and file system structures inside .dd image files.
- You can access disks, RAIDs (Redundant Array of Independent Disks), and more.
- It automatically identifies lost or deleted partitions.
- This tool can easily detect NTFS (New Technology File System) and ADS (Alternate Data Streams).
- X-Ways Forensics supports bookmarks or annotations.
- It has the ability to analyze remote computers.
- You can view and edit binary data by using templates.
- It provides write protection for maintaining data authenticity.
Link: http://www.x-ways.net/forensics/
10) Wireshark
Wireshark is a tool that analyzes network packets. It can be used for network testing and troubleshooting. This tool helps you to check different traffic going through your computer system.
Features:
- It provides rich VoIP (Voice over Internet Protocol) analysis.
- Capture files compressed with gzip can be decompressed easily.
- Output can be exported to XML (Extensible Markup Language), CSV (Comma Separated Values) file, or plain text.
- Live data can be read from the network, Bluetooth, ATM, USB, etc.
- Decryption support for numerous protocols that include IPsec (Internet Protocol Security), SSL (Secure Sockets Layer), and WEP (Wired Equivalent Privacy).
- You can apply intuitive analysis, coloring rules to the packet.
- Allows you to read or write file in any format.
Link: https://www.wireshark.org
11) Registry Recon
Registry Recon is a computer forensics tool used to extract, recover, and analyze registry data from Windows OS. This program can be used to efficiently determine external devices that have been connected to any PC.
Features:
- It supports Windows XP, Vista, 7, 8, 10, and other operating systems.
- This tool automatically recovers valuable NTFS data.
- You can integrate it with the Microsoft Disk Manager utility tool.
- Quickly mount all VSCs (Volume Shadow Copies) within a disk.
- This program rebuilds the active registry database.
Link: https://arsenalrecon.com/products/
12) Volatility Framework
Volatility Framework is software for memory analysis and forensics. It is one of the best Forensic imaging tools that helps you to test the runtime state of a system using the data found in RAM. This app allows you to collaborate with your teammates.
Features:
- It has an API that allows you to look up PTE (Page Table Entry) flags quickly.
- Volatility Framework supports KASLR (Kernel Address Space Layout Randomization).
- This tool provides numerous plugins for checking Mac file operation.
- It automatically runs Failure command when a service fails to start multiple times.
Link: https://www.volatilityfoundation.org
13) Xplico
Xplico is an open-source forensic analysis app. It supports HTTP (Hypertext Transfer Protocol), IMAP (Internet Message Access Protocol), and more.
Features:
- You can get your output data in the SQLite database or MySQL database.
- This tool gives you real time collaboration.
- No size limit on data entry or the number of files.
- You can easily create any kind of dispatcher to organize the extracted data in a useful way.
- It is one of the best open source forensic tools that support both IPv4 and IPv6.
- You can perform reverse DNS lookup from DNS packets contained in input files.
- Xplico provides PIPI (Port Independent Protocol Identification) feature to support digital forensics.
Link: https://www.xplico.org
14) e-fense
E-fense is a tool that helps you to meet your computer forensics and cybersecurity needs. It allows you to discover files from any device in one simple to use interface.
Features:
- It gives protection from malicious behavior, hacking, and policy violations.
- You can acquire internet history, memory, and screen capture from a system onto a USB thumb drive.
- This tool has a simple to use interface that enables you to achieve your investigation goal.
- E-fense supports multithreading, which means you can execute more than one thread simultaneously.
Link: http://www.e-fense.com/products.php
15) Crowdstrike
Crowdstrike is digital forensic software that provides threat intelligence, endpoint security, etc. It can quickly detect and recover from cybersecurity incidents. You can use this tool to find and block attackers in real time.
Features:
- It is one of the best cyber forensics tools that help you to manage system vulnerabilities.
- It can automatically analyze malware.
- You can secure your virtual, physical, and cloud-based data center.
Link: https://www.crowdstrike.com/endpoint-security-products/falcon-endpoint-protection-pro/
FAQs
❓ What is Digital Forensics?
Digital Forensics is a process of preservation, identification, extraction, and documentation of computer evidence that can be used by the court of law. It is a science of finding evidence from digital media like a computer, mobile phone, server, or network. It helps the forensic team to analyze, inspect, identify, and preserve the digital evidence residing on various types of electronic devices.
❗ What are Digital Forensic Tools?
Digital Forensic Tools are software applications that help to preserve, identify, extract, and document computer evidence for law procedures. These tools help to make the digital forensic process simple and easy. These tools also provide complete reports for legal procedures.
✅ Types of Computer Forensic Tools
Here are the main types of digital forensic tools:
- Disk Forensic Tools
- Network Forensic Tools
- Wireless Forensic Tools
- Database Forensic Tools
- Malware Forensic Tools
- Email Forensic Tools
- Memory Forensic Tools
- Mobile Phone Forensic Tools
💻 Which are the Best Digital Forensic Software Tools?
Below are some of the best digital forensic software tools:
- ProDiscover Forensic
- Sleuth Kit
- CAINE
- PALADIN
- EnCase
- FTK Imager
- Wireshark
- Volatility Framework
🏅 Which factors should you consider while selecting a Digital Forensic Tool?
The following factors should be considered while selecting a digital forensic tool:
- Security
- Support for multiple platforms
- User-friendly interface
- Features and functionalities offered
- Support for multiple devices
- Support for multiple file formats
- Analytics features
- Integrations and Plugins support