(Winhex) : Forensics
(Winhex) : Forensics
(Winhex) : Forensics
Background Information
Background
WinHex is in its core a universal hexadecimal editor,
particularly helpful in the realm of computer forensics, data
recovery, low-level data processing, and IT security. An advanced
tool for everyday and emergency use: inspect and edit all kinds
of files, recover deleted files or lost data from hard drives
with corrupt file systems or from digital camera cards. License
type comparison.
Reference Link:
http://www.x-ways.net/winhex/
Prerequisite
1. Login to your Instructor VM, as username administrator
For those of you that do not have access to my class, Instructor
VM is a Windows XP Operating System.
4. Save to C:\tools\winhex
5. Click on Open Folder
7. Click on Next
8. Click on Next
9. Click On Finish
3. Once winhex loads for the first timeyou will see a window similar to
the below.
Select Computer Forensics Interface.
Click on OK
4. File Examination 1
The picture below is the first file you will examine with winhex.
Please following the next steps
5. Right Click on the Below Picture
Select "Save Picture As..." (See Below)
2. Click on Run
3. On Your Instructor VM
Bring up Windows Explorer
Go To C:\tools\winhex
Double Click on winhex.exe
4. Click on Run
5. Click on File, then Click on Open
6. Navigate to C:\tools\winhex\myfiles
Click on file .pgpass.gpg.
Click on Open