* Two additional internal metadata timestamps are now extracted from MS Word OLE2 compound file documents, which can be useful for corroboration.
* Ability to show directory subtrees in Preview mode with directory sizes instead of or in addition to file counts (see new settings in Options | Viewer Programs).
* Ability to interpret VHDX virtual machine disk images and add them to a case like other supported image types.
* The phone alias table now has 2,850 entries and supports more than 13,000 camera models.

The download link can be retrieved as always by querying one's license status.

A preview version of X-Ways Forensics 20.5 is now available.

A preview version of X-Ways Forensics 19.8 is now available. The URL of the download directory for all recent versions can be retrieved by querying one's license status as always.

* New command "Capture Processes" in the Tools menu in X-Ways Forensics that allows you to acquire all data in the memory of running processes on a live system contiguously (i.e. pages in the order as allocated by the process). The creation times of processes can be seen as the creation timestamps of the memory dumps. Pages marked as containing executable code (PAGE_EXECUTE* styles) are optional and, if omitted, will suitably reduce the amount of data if you are merely interested in keyword searches or carving and not malware analysis. Carving in the memory dumps (files shown as type "mem") can be performed by uncovering embedded data, one of the functions of volume snapshot refinement.
* This command can also produce a tab-delimited list of all top-level windows with their titles and corresponding processes plus (comma-delimited) the titles of their child windows. Screenshots of some of the top-level windows are taken and output automatically.