Recent Posts

Stats

Get Apps Deliverd To Your Email

Pages

Blogger Themes

Site Map

Advertise

Moto GP News

Football News

Formula 1 News

Pages

Sport News

Popular Posts

Blog Archive

Search This Blog

Wednesday, 26 January 2011

WinHex 15.9 (computer Forensics & Data Recovery, Hex Editor & Disk Editor)

A computer Forensics & Data Recovery Software, Hex Editor & Disk Editor 

WinHex is a universal hexadecimal editor, particularly helpful in the realm of computer forensics, data recovery, low-level data processing, and IT security. An advanced tool for everyday and emergency use: inspect and edit all kinds of files, recover deleted files or lost data from hard drives with corrupt file systems or from digital camera cards. 

WinHex is in its core a universal hexadecimal editor, particularly helpful in the realm of computer forensics, data recovery, low-level data processing, and IT security.

An advanced tool for everyday and emergency use: inspect and edit all kinds of files, recover deleted files or lost data from hard drives with corrupt file systems or from digital camera cards. WinHex will grant users access to data other programs hide from them.

Here are some key features of "WinHex":

Disk cloning, disk imaging:
· to produce exact duplicates of disks/drives, e.g. to save the time for a full installation of the operating system and other software for several computers/disks of the same type, or to be able to restore a running installation in case of data loss/screwed up Windows (restoration of a backup). Also for computer forensics specialists, since they need to work on a copy when searching for evidence on the object disk. You can clone directly, or from an image file. Menu: Tools | Disk Tools | Clone Disk

RAM editor:
· e.g. for debugging purposes (programming), for examining/manipulating any running program and in particular computer games (cheating). Tools | RAM Editor

Analyzing files:
· e.g. to determine the type of data recovered as lost cluster chains by ScanDisk or chkdsk. Examples. Tools | Analyze File

Wiping confidential files or disks:
· ...so no one (not even computer forensics specialists) will be able to retrieve them. To securely erase a file, use File Manager | Delete Irreversibly. For disk wiping, open the disk with the disk editor and use Edit | Fill Disk Sectors. E.g. fill with zero bytes (hexadecimal value 00) or random bytes. WinHex works in accordance with the standard outlined in DoD 5220.22-M (for details, please see this white paper). Also see X-Ways Security.

Wiping unused space and slack space:
· ...either to close security leaks, to securely destroy previously existing classified files that have been deleted in the traditional way only, or to minimize the size of your disk backups (like WinHex backups or Norton Ghost backups), since initialized space can be compressed 99%. On NTFS drives, WinHex will even offer to wipe all currently unused $Mft (Master File Table) file records, as they may still contain names and fragments of files previously stored in them. File slack can be found in the unused end of the last cluster allocated to a file, which usually contains traces of previously existing files. Slack space - like everything else - is processed by WinHex very fast. Also see X-Ways Security.

ASCII - EBCDIC conversion:
· Allows to exchange text between mainframe computers and the PC in both directions. You may even tailor the character translation table in WinHex (ebcdic.dat) for your own needs. Edit | Convert
· Binary, Hex ASCII, Intel Hex, and Motorola S conversion
· z. B. for (E)PROM programmers. Edit | Convert
· Unifying and dividing odd and even bytes/words
· for (E)PROM programmers. File Manager | Unify/Dissect

Conveniently editing data structure:
· using custom templates. Download a tutorial. View | Template Manager

Splitting files that do not fit on a disk:
· File Manager | Split/Concatenate
· WinHex as a reconnaissance and learning tool
Are you sure Microsoft Word really discards previous states of your document? You may be surprised to find text deleted long ago in your .doc files. Maybe text that you really do not wish to be seen by the person you are going to pass the .doc file to? Discover what various software programs save in their files. Study unknown file formats and learn how they work. Investigate e.g. how executable files are structured and how they are loaded in RAM. The possibilities are practically unlimited. Here is another important one:
· Finding interesting values (e.g. the number of lives, ammunition, etc.) in saved game files
· using the Combined Search or using the File Comparison utility, for later manipulation

Manipulating saved game files:
· for any computer game, following existing instructions from cheat sites on the Internet or for developing your own cheats.

Upgrading MP3 jukeboxes and Microsoft Xbox with larger hard drive:
· To upgrade, the new hard disk must be prepared first. This is where you need WinHex. Instructions for Creative's Nomad MP3 jukebox, DAP jukebox and Microsoft Xbox. You can also change the name of your Xbox.

Manipulating text:
· ...that one is not supposed to edit, e.g. in binary files. It is not convenient, but possible to translate practically any software into another language by editing text in the executable files, e.g. if the source code is not available (e.g. lost). Or you would like to edit text in files of a certain binary type that the native application does not let you modify. For instance, programmers may find their compiler automatically creates a configuration file for their project whose filename (application name + .cfg) conflicts with a file their own software uses. If your local laws and the license permit that, edit the compiler's executable file such that it works without problems (e.g. with the filename extension “.cnf”).
· Viewing and manipulating files that usually cannot be edited
· because they are protected by Windows (e.g. the swap file, temporary files of the Internet Explorer), using the disk editor. Tools | Disk Editor

Viewing, editing, and repairing system areas:
· such as the Master Boot Record with its partition table and boot sectors. Tools | Disk Editor | Access button

Hiding data or discovering hidden data:
· ...e.g. behind the supposed end of .jpg files (steganography), or in unused parts of logical drives or physical disks. WinHex specifically supports access to surplus sectors that are not in use by the operating system because they do not add to an entire cluster or cylinder.

Copy & Paste:
· Use copy & paste or copy & write (=overwrite) with files, disks, and RAM. You may freely copy from a disk and write the clipboard contents to a disk, without regard to sector boundaries!

Unlimited Undo:
· When editing, reverse any of your steps. Only restricted by available disk space. Edit | Undo

Jump back and forward:
· WinHex keeps a history of your offset jumps, and lets you go back and forward in the chain, like an Internet browser does. Position | Back/Forward

Scripting:
· Automated file editing using scripts, to accelerate recurring routine tasks or to carry out certain tasks on unattended remote computers. The ability to execute scripts other than the supplied sample scripts is limited to owners of a professional license. Scripts can be run from the Start Center or the command line. While a script is executed, you may press Esc to abort. With its wider range of application, scripting supersedes the Routine feature known from previous WinHex versions. Find out more about scripts in the program help.

API (Application Programming Interface):
· Professional users may also make good use of WinHex' advanced capabilities in their own programs written in Delphi, C/C++, or Visual Basic. The WinHex API provides a convenient interface for random access to files and disks (at the sector level). The provided functions are similar to the scripting commands.

Data recovery:
· for erroneously deleted files or generally after an experienced loss of data. Can be done manually (see undeleting files) or automatically. There is an automatic recovery mode for FAT12, FAT16, FAT32, and NTFS drives called “File Recovery by Name” that simply requires you to specify one or more file masks (like *.gif, John*.doc, etc.). WinHex will do the rest. Via the Access button menu, a recovery mechanism is available for FAT drives which re-creates entire nested directory structures (details here). Another mechanism (“File Recovery by Type”, formerly “file retrieval”) can be used on any file system and recovers all files of a certain type at a time. Supported file types: jpg, png, gif, tif, bmp, dwg, psd, rtf, xml, html, eml, dbx, xls/doc, mdb, wpd, eps/ps, pdf, qdf, pwl, zip, rar, wav, avi, ram, rm, mpg, mpg, mov, asf, mid. In particular owners of digital cameras quite often encounter problems with their media. WinHex is likely to help with this automated function that makes good use of the existence of file headers (characteristic signatures at the beginning of a file). Tools | Disk Tools | File Retrieval

Computer examination/forensics:
· WinHex is an invaluable tool in the hands of computer investigative specialists in private enterprise and law enforcement.

Trusted download (a security issue):
· When transferring unclassified material from a classified hard disk drive to unclassified media, you need to be certain that a copied file will have no extraneous information in any cluster or sector “overhang” spuriously copied along with the actual file, since this slack space may still contain classified data from a time when it was allocated to a different file. The command Tools | Specialist Tools | Copy exactly copies the file in its current size, no entire sectors or clusters. Not one byte beyond the end of the file will be copied to the destination disk. Minimize your IT risks. Requires a specialist license.

128-bit encryption:
· to make files unreadable by others. Edit | Convert

Checksum/digest calculation:
· to make sure a file is not corrupt and was not manipulated, or to identify common known files. Tools | Calculate Hash.

Generating pseudo-random data:
· for various (e.g. scientific simulation) purposes. Edit | Fill File

Download :
| Hotfile |
| Easy-Share |
| Megaupload |
| Ziddu |

No comments:

Post a Comment