Tools

Description

Starting with X-Ways Forensics v16.4 (released in early 2012), investigators have been able to automate and extend the functionality of X-Ways Forensics with X-Tensions.

Since X-Tensions can be written in any programming language, the possibilities are endless.

Helper Methods and Wrappers

In order to speed up development of new X-Tensions, we created some helper methods for commonly used operations.

XWFGetVolumeName
XWFGetReportTableAssocs
XWFGetSectorContents
XWFGetItemType
XWFGetVolumeInformation
XWFSearchWithoutCodePages
ReadItem(IntPtr hItem)
GetFullPath(Int32 itemId)
CreateFileFromExternalFile
CreateSearchInfo

Just download and save/move to your WinHex or X-Ways Forensics program folder.
Templates are .txt files with a .tpl file extension, and can be viewed /edited with any
text editor, or from 'View', 'Template Manager' in WinHex/XWF.

Note 1: References/notes are included within each template file.
Note 2: Template Editing
Note 3: X-Ways Forensic & WinHex user manual (pdf) (template editing: Ch.7.6 Page 159)

Extraction of SHA1 sets from Reference Data Set (RDS) provided by the National Software Reference Library (NSRL) for X-Ways Forensics (or any other tool that uses SHA1).

An updated C# port of X-Ways X-Tensions API.

• the categories are sorted alphabetically;
• some categories were renamed;
• there are now new categories like Network/Packets and Memory;
• some extensions were moved to other categories;
• some new extensions/filenames were added to the list.

If you want to give it a try, replace the two files "File Type Categories.txt" and "File Type Categories User.txt" in your installation folder with the ones you can download from my repository xways-forensics .

his X-Ways Forensics extension automates the export of hashes from an image While the extension could be run from the X-Ways gui, it can also be run from the command-line.

D:\XWAYS>"c:\Program Files\X-Ways Forensics\xwb64.exe" "NewCase:D:\XWAYS\test" "AddImage:d:\XWAYS\testdisk.img" "XT:D:\XWAYS\XT_HashExporter.dll" RVS:~ auto

uteShark is a Network Forensic Analysis Tool (NFAT) that performs deep processing and inspection of network traffic (mainly PCAP files, but it also capable of directly live capturing from a network interface). It includes: password extracting, building a network map, reconstruct TCP sessions, extract hashes of encrypted passwords and even convert them to a Hashcat format in order to perform an offline Brute Force attack.

The main goal of the project is to provide solution to security researchers and network administrators with the task of network traffic analysis while they try to identify weaknesses that can be used by a potential attacker to gain access to critical points on the network.

Two BruteShark versions are available, A GUI based application (Windows) and a Command Line Interface tool (Windows and Linux).
The various projects in the solution can also be used independently as infrastructure for analyzing network traffic on Linux or Windows machines. For further details see the Architecture section.

The project was developed in my spare time to address two main passions of mine: software architecture and analyzing network data.

Shoviv Office 365 to PST is an advanced solution that presents many useful features to the users. It allows users to export Office 365 mailbox to PST with a click. The software facilitates Incremental Export and enables exporting PST file data to Office 365. Along with these, it offers filter as well as item search options to simplify the processing. The software is compatible with all Outlook versions and effectively works in all Windows Operating Systems.

Shoviv PST to Office 365 Migration Tool is an upgraded solution to migrate PST to Office 365. The software is developed with the advanced algorithm and allows migrating PST to Live Exchange, and in Outlook PST too. The software also facilitates adding corrupted PST files for the recovery. To execute the PST to Office 365 migration easily, the software comes with the user-friendly GUI and facilitates user-oriented features. A free trial version of the software is also available to download.

Shoviv OST to Office 365 Migration Tool is one of the safest and reliable solutions in the field of data migration. The OST to Office 365 Migration is proficient software which can efficiently import OST to Office 365 without any alteration in the original data. Shoviv Software supports the multiple numbers of OST files without any concern of size. A free trial version of Shoviv OST to Office 365 migration tool is also available to download. Highlighted features of OST to Office 365 tool are:

Shoviv GroupWise to Outlook Converter guarantees an impeccable conversion from GroupWise archive to Outlook PST. It provides an effortless way to export data from the GroupWise to Outlook PST. It offers all the ease for easier conversion of GroupWise archive to PST which is a file format of Outlook. Along with this, the GroupWise data can also be saved into MSG and EML format. Using this tool you can split resultant PST in the desired size and can deal with large-sized GroupWise mailbox. The Software is compatible with all versions of GroupWise and Outlook.

Shoviv GroupWise to Outlook Converter guarantees an impeccable conversion from GroupWise archive to Outlook PST. It provides an effortless way to export data from the GroupWise to Outlook PST. It offers all the ease for easier conversion of GroupWise archive to PST which is a file format of Outlook. Along with this, the GroupWise data can also be saved into MSG and EML format. Using this tool you can split resultant PST in the desired size and can deal with large-sized GroupWise mailbox. The Software is compatible with all versions of GroupWise and Outlook.

Shoviv Lotus Notes to Outlook Converter empower the users to convert NSF to PST file in a flawless manner. It provides a fast and quick way to convert Lotus Notes to Outlook. There is no limitation on adding multiple NSF files for the conversion. The software comes with several enhanced features to provide an effortless working experience. The software allows the users to save NSF files to EML as well as MSG files without any technical glitch. The GUI of the software is very user-friendly, any user can execute tasks without any prior technical knowledge. A free demo version of the software is also available to download.

Shoviv EML to PST Converter is a picture-perfect tool to perfectly convert EML files to MS Outlook’s PST file format and other targets. Shoviv EML to PST Converter offers a lot: EML to Office 365 migration, EML to Live Exchange and also conversion to MSG like easily accessible file formats. The Software supports all the version of MS Windows and deals with both Unicode and ANSI PST file of MS Outlook. A free trial version of the software is also obtainable. Some highlights of the software are listed below:

Shoviv EDB to PST Converter is an advanced multi-functional utility. Along with converting EDB to PST file format it also recovers inaccessible or corrupted EDB files. Besides this, it also allows to save EDB files into EML, HTML, MSG et cetera. Using this utility, users can export EDB file data to PST, Live Exchange, and Office 365. There is no restriction with the Shoviv software on adding multiple EDB files. It maintains the data originality and doesn't make any alteration. A trial version of the software also comes for free. It allows checking the working of the software.

Shoviv OST to PST Converter is a very proficient tool. It perfectly recovers inaccessible and corrupt OST items and converts them to PST. This tool has many user-centric features for a perfect and hassle-free conversion. It allows converting multiple OST files to PST in no time. It also converts OST files to HTML, EML, vCal, and vCard like file formats. There is no restriction on adding an OST file of a large size. A free trial version of Shoviv OST File Converter is also available.