WinHex - PowerPoint PPT Presentation

1 / 36
About This Presentation
Title:

WinHex

Description:

WinHex – PowerPoint PPT presentation

Number of Views:334
Avg rating:3.0/5.0
Slides: 37
Provided by: FLE11
Category:
Tags: winhex | rtw

less

Transcript and Presenter's Notes

Title: WinHex


1
WinHex
2
WinHex
  • Objectives
  • Identify the basic capabilities of the Specialist
    Version of WinHex.
  • Basic disk editing functions
  • Text String Search
  • Hex Character Search
  • File Recovery
  • Report Options

3
Hitting the Enter Key will take you to the Start
Center.
This will allow you to open an individual file,
folder, Drive or Physical Disk
4
The Open Disk option allows you to open up
either the logical drive or physical disk for
examination.
5
The folders option is new to this version. If
this icon is checked you can view the file or you
can view the folder structure in a navigation
window, while viewing the physical contents of a
file in the window below.
6
Opening a file will cause an info box to open.
This box will list all the clusters that make up
the selected files.
7
The data on the left side of the screen provides
info regarding disk size, physical location,
cluster size, and file selected.
8
WinHex contains an inplace editor similar in
function to Diskeditor. This allows you to make
changes to the contents of files.
9
The Open File Option from the Start Menu lets you
select any file on a drive for review or editing.
10
In this case, the IO.SYS file has been opened and
a search initiated for any calls to the C Drive
(c\)
11
12 hits for C\ were identified during the search.
12
These hits were archived in the position manager.
13
Clicking on the item in the position manager
takes you to the location of the hit.
14
This call to the C drive can now be changed
15
Selecting the binocular icon at the time will
allow you to conduct a single string text
search. The results can be archived as a database
or within the position monitor.
16
You will be asked to provide a limit on the
maximum number of hits to archive.
17
When the search is completed you will be told how
many hits were identified.
18
The position manager can be accessed by going to
the position tab at the top of the screen, and
selecting Position Manager.
You can also get to the Position Manager by
hitting the control and M key at the same time.
19
The position manager lists physical location and
if it is in an active file.
20
Double clicking on the entry in the position
manager will take you directly to the hit
location.
Search Hit
21
To clear the position manager, select the first
entry, hold down on the shift key and select the
last entry. Hit the delete button to clear all
entries.
22
The Specialist Edition allows you to search for
multiple text strings at the same time. Go to the
Specialist tab on the upper menu. Select the
Simultaneous Search option.
23
This option will allow you to enter multiple text
strings to be searched at the same time.
24
The results of this search will be found in the
position manager, just as they were with the
single string search.
25
WinHex will let you search for Hexadecimal
strings. This is helpful in finding file
signatures.
26
The results of these searches are maintained in
the position manager the same way searches for
text were stored.
27
The search identified the FFD8FF hex code of a
file with extension jpg.
28
This data can be marked and copied out into a
file.
29
You give the file a name and extension.
30
We have now manually accomplished what we did
with automated tools such as Digit, Carvethis,
and EnCase Escript. This is one method of
validating the results of the programs listed
above.
31
The WinHex specialist edition has the capability
of File recovery by file type or name. File type
recovery has a list of various file signatures it
is capable of recovering. This process is not
particularly fast, but it is efficient. File
name recovery allows the recovery of files based
on their name or a text pattern inside the file.
32
WinHex is capable of providing you with a list of
the contents of your drive. This list will
include file name, full path, MAC Times and
dates, and a hash value of each file. This list
will also contain data pertaining to deleted
files. This option is accessed by going to the
Specialist menu and selecting the Create Drive
Contents Table option.
33
This report output is placed into an Excel
spreadsheet automatically.
34
WinHex
  • WinHex is capable of numerous other options
    including
  • Creating a Clone or duplicate
  • Creating a backup image
  • Extremely fault tolerant when dealing with CDFS
  • Capable of gathering free space and slack into a
    text file for search and recovery
  • File comparison

35
WinHex
  • Hash of individual files or drives
  • File comparison
  • File splitting

36
Conclusion
  • WinHex is a valuable tool to add to your tool box
  • Many applications are only as limited as your
    imagination.
Write a Comment
User Comments (0)
About PowerShow.com
Home About Us Terms and Conditions Privacy Policy Presentation Removal Request Contact Us
Copyright 2024 CrystalGraphics, Inc. — All rights Reserved. PowerShow.com is a trademark of CrystalGraphics, Inc.
The PowerPoint PPT presentation: "WinHex" is the property of its rightful owner.
Do you have PowerPoint slides to share? If so, share your PPT presentation slides online with PowerShow.com. It's FREE!