X-Ways Forensics: Creating Data Schedules of Your Reviewed Evidence
Experts are faced with a huge amount of information that must be processed in a matter of moments. Grouping all kinds of documents by their parameters takes a specialist a very long time. To simplify the experts' work, a German company developed the X-Ways Forensics program.
X-Ways Forensics is an integrated suite that covers almost the entire range of computer forensics and IT incident investigation tasks, from data collection to reporting. This increases the efficiency of the experts' work and greatly reduces the time an examination takes. X-Ways Forensics has a number of unique data analysis features that are not available in similar software products. At the same time, it is developing rapidly, integrating newly requested functions. The program does not require installation and can be run on any computer running Windows, including from a flash drive. This makes it possible to use it for quick collection and analysis of data when working outside the lab.
The main features and capabilities of X-Ways Forensics:
- Ability to open image files and modify their contents at the internal file system level;
- View and create images of memory (RAM) and virtual memory of running processes;
- Erasing data on various kinds of media;
- Ability to copy files from the examined drive or image with their full path, with or without slack, or slack only;
- Analysis and editing of logical data structures based on the built-in templates;
- Extraction of metadata and internal creation timestamps from various file types, with the ability to filter files on them (MS Office files, OpenOffice, StarOffice, HTML, MDI, PDF, RTF, WRI, AOL PFC, ASF, WMV, WMA, MOV, AVI, WAV, MP4, 3GP, M4V, M4A, JPEG, BMP, THM, TIFF, GIF, PNG, GZ, ZIP, PF, IE cookies, DMP memory dumps, hiberfil.sys, PNF, print spooler files SHD & SPL, tracking.log, MS Access databases, iPhone backups, and others);
- Automatic search for and extraction of images embedded in other documents (e.g., JPEG images in MS Office documents, PDF, etc.);
- Recovery and analysis of e-mail messages from Outlook (PST, OST), Outlook Express (DBX), Mozilla (Netscape and Thunderbird), The Bat!, AOL PFC (mbox, Berkeley, BSD, Unix), Eudora, PocoMail, Barca, Opera, Forte Agent, Pegasus, PMMail, FoxMail, maildir, MSG, EML;
- Advanced keyword search at the physical and logical levels, including with GREP syntax;
- Support for special file containers intended for storing and transferring relevant files, preserving all metadata, for analysis by other members of the investigation;
- Powerful dynamic filters on a wide range of attributes: file type, timestamps, file size, comments, metadata containing a keyword, presence in a hash table, etc.
Thus, X-Ways Forensics combines both general and specialized functions.