Add to collection(s) Add to saved
  1. Engineering & Technology
  2. Computer Science

X-Ways Trace Prepared By: Leen F. Arikat Supervisor: Dr. Lo’ai Tawalbeh

advertisement 
X-Ways Trace
Prepared By: Leen F. Arikat
Supervisor: Dr. Lo’ai Tawalbeh
What is Computer
Forensics
Computer Forensics is defined as the
science of collecting evidence that
assists in discovering illegal activities
implemented by any computer media.
Many Types of computer forensics tools
have been launched lately; X-Ways Trace
is an example of such tools.
X-Ways Trace
A computer forensics tool that allows to
track and examine web browsing activity
and deletion of files through the
Windows recycle bin that took place on a
certain computer.
X-Ways Trace 2.5
© 2003 X-Ways Software Technology AG
Postal address: Carl-Diem-Str. 32 • 32257 Bünde • Germany
E-mail address: mail@x-ways.com
Fax: +49-721-151 322 561
First released in May 2003, last updated in April 2007.
The following operating systems are supported:
• Windows 95/98/Me
• Windows NT 4.0
• Windows 2000
• Windows XP
Product web site: http://www.x-ways.net
Company homepage: http://www.x-ways.net/corporate/
How does X-Ways Trace
work?

Deciphers Internet Explorer's evergrowing internal history/cache file
index.dat.
Displays complete URLs, date and time
of the last visit, user names, file sizes,
filename extensions, and more .
It allows to sort by any criterion
How does X-Ways Trace
work? Cont..


X-Ways Trace interprets the browser
history file "history.dat" left behind by
Mozilla/Firefox.
X-Ways Trace interprets the browser
cache file "dcache4.url" produced by
Opera.
How does X-Ways Trace
work? Cont..

Reads from:
 One or more files you specify.
 Searches complete folders and
subfolders.
 Searches entire hard disks (or raw images
of hard disks) in allocated space, free
space, and slack space, or even, for traces
of someone having surfed the Internet.
How does X-Ways Trace
work? Cont..

Also deciphers the hidden Windows recycle
bin file info2 located in every Recycled
/Recycler folder.
 Displays the original path and filename
 Displays date and time of deletion
 Displays file size, and more,sometimes
even if the recycle bin has been emptied.
X-Ways Trace features
All the details compiled by X-Ways
Trace can be exported to MS Excel.
 The files/disks examined by X-Ways
Trace will not be altered by the
examination.


X-Ways Trace is part of Evidor, but can
be ordered separately.
What is Evidor?

Evidor:
Is a Software for lawyers, law firms,
corporate law and IT security
departments, licensed investigators, and
law enforcement agencies. Evidor is a
small subset of just the search
functionality in X-Ways Forensics.
What does Evidor do?




Evidor allows to search text on hard disks.
It retrieves the context of keyword
occurrences on computer media, by examining
all allocated space and also currently
unallocated space called slack space.
It can even find data from files that have been
deleted, if physically still existing.
Please note that Evidor cannot access remote
networked hard disks.
X-Ways Trace
implementation
File Menu




Open File
Use this to open one or more index.dat files.
Any file that is opened is automatically
searched for MS Internet Explorer's log
entries.
Windows usually prevents you from opening
the main index.dat file in the browser cache
folder with Open File.
Other index.dat files, such as the one in the
Cookie subfolder of a user profile, can be
accessed normally.
File Menu
Cont..

Open Folder
This command is used open and examine
several files at the a time. Select a folder
in which to open files. Subfolders are
browsed optionally, too.
File Menu
Cont..

Open Disks
X-Ways Trace allows you to access floppy and
hard disks below file system level. You may
access a disk either logically or physically. On
most computer systems you can even access
CD-ROM and DVD media.
A disk that is opened will be entirely searched
for index.dat file records, including free space,
slack space, Windows swap files, etc.
File Menu
Cont..


Export: Allows you to save the currently
displayed list as a tab-delimited text file
e.g. for export to and further processing
in MS Excel.
Exit: Use this command to end X-Ways
Trace. The currently displayed list will be
lost.
Edit Menu



Copy URL: Copies the full Internet address of
the selected line of an index.dat file as plain
text to the clipboard.
Copy Filename: Copies the full filename and
path of the selected line of an info2 file as plain
text to the clipboard.
Look up on Internet: Runs your Internet
browser and points it to the address of the
selected line, so you can check out that page or
picture yourself, provided it is still available.
Edit Menu Cont..



Open in WinHex: Runs WinHex and opens the
current file or logical drive. Only available if
WinHex is installed on your computer.
Find Text: This command is used to search for
the specified text (e.g. domain, file, or user
name) of up to 50 characters in the current file
or disk (cf. Search Options).
Continue Search: Lets you continue the last
executed search operation in the current file or
disk at the current position.
Edit Menu Cont..



Continue Global Search: This command is
used to continue a global search operation in
the next file.
Remove: Deletes the currently selected
item(s) from the list. Does not delete the URLs
from the open file or disk.
Convert to Local Time: Causes X-Ways Trace
to adjust all date & time data to your local time
zone, as defined in the Windows Control Panel.
Window Menu



Window Manager: Displays all windows and
provides "instant window switching"
functionality. You may also close windows.
Close All: Closes all windows and thus all
open files and disks.
Close All Without Prompting: Closes all
windows and thus all opened files and disks
without giving you the opportunity to save your
modifications.
Window Menu Cont..



Cascade/Tile: Arranges the windows in
the aforementioned way.
Minimize All: Minimizes all windows.
Arrange Icons: This command arranges
all minimized windows.
Help Menu



Contents: Displays the contents of the
program help.
Setup: Lets you switch between the English,
the German, and the French user interface.
Initialize: Use this command to restore the
default settings of X-Ways Trace. Alternatively,
delete the trace.cfg file before running the
program.
Help Menu Cont..



Uninstall: Use this command to remove XWays Trace from your system.
Online: Opens the X-Ways Trace homepage
(http://www.x-ways.net) or the support forum
(http://www.winhex.net) in your browser.
About WinHex: Displays information about
WinHex (the program version, your license
status, and more).
Related documents
See, Say, Trace, Cover, Write, and Check (The Fernald Method)
See, Say, Trace, Cover, Write, and Check (The Fernald Method)
Slide 1
Slide 1
MS Exam: LINEAR ALGEBRA JAN. 1998
MS Exam: LINEAR ALGEBRA JAN. 1998
Download
advertisement