X-Ways
·.·. Computer forensics software made in Germany .·.·
 
 

X-Ways Investigator

X-Ways Investigator
21.0

X-Ways Investigator icon

Downloadable
only for customers
(latest download instructions here)

X-Ways Investigator is a powerful investigation/document analysis/report generation application for law enforcement, intelligence agencies, and the private sector. It runs under Windows. It was designed for investigators who are specialized in areas such as accounting, building laws, money laundering, corruption, homicide, child pornography, etc., also for investigative analysts, agents, attorneys, paralegals, prosecutors, internal and external auditors, for the analysis part of computer forensics and electronic discovery. X-Ways Investigator is based on X-Ways Forensics and is a subset thereof. It's simplified user interface offers much fewer technical options and less technical functionality than WinHex and X-Ways Forensics, so that investigators can better concentrate on the matter at hand.

X-Ways Investigator is part of a certain philosophy: Splitting up the workload into preparatory work done by forensic computing specialists (computer forensic examiners) with X-Ways Forensics and investigative work done by investigators can be a pivotal change, greatly accelerate the forensic process and improve its quality. It reduces the computer specialists' workload by allowing the investigators to take over much earlier.

More information about X-Ways Investigator, the collaboration model, and the benefits of evidence file containers here.

X-Ways Investigator comes at less than half the price of X-Ways Forensics, and considerable volume discount for higher quantities is available. We recommend X-Ways Investigator to organizations that already use X-Ways Forensics, not necessarily as a stand-alone product! We also recommend it as a review platform for evidence data that has already been processed using X-Ways Forensics. If before you buy you would like to know precisely how the X-Ways Investigator user interface looks like and what it can do, please enable the X-Ways Investigator GUI in the General Options dialog window in X-Ways Forensics. The degree to which the user interface is reduced and simplified is largely customizable. X-Ways Investigator does not come with its own manual and program help, instead the manual and help of WinHex/X-Ways Forensics is used.

Feature overview:

  • Case management, logging
  • Automated reports that can be imported and further processed by any other application that understands HTML, such as MS Word
  • File viewer for hundreds of file formats included
  • Ability to print documents with all file metadata on a cover page
  • Can natively read media/images with these file systems: FAT12/16/32, TFAT, exFAT, NTFS, Ext2/3/4, CDFS, UDF, HFS, HFS+, APFS, XFS, BtrFS, QNX, ReiserFS, Reiser4, UFS, UFS2
  • Can interpret raw image files and .e01 evidence files
  • A natural choice to examine the files assorted in evidence file containers with X-Ways Forensics
  • Ability to run powerful keyword searches, both conventional and index searches (indexes created with X-Ways Forensics)
  • Search hit listings with context preview, e.g. like “all search hits for the search terms A, B, and D in MS Word and MS PowerPoint files below \Documents and Settings with last access date in 2004”
  • Gallery view for pictures, Calendar view for timestamps
  • Ability to associate comments about files for inclusion in the report or for filtering
  • Ability to tag files and add them to customized report tables of notable items
  • Directory tree on the left, ability to explore and tag directories including all their subdirectories
  • Powerful dynamic filters based on filename, true file type, timestamps, file size, comments, report tables...
  • Recursive view of all existing and deleted files in all subdirectories
  • Skin color detection (e.g. a gallery view sorted by skin tone contents greatly accelerates a search for traces of child pornography)
  • Interface for PhotoDNA (only for law enforcement), which can recognize known pictures (even if stored in a different format or altered!) and can return the classification (“CP”, “relevant”, “irrelevant”) to X-Ways Investigator
  • ... and much more

 

X-Ways Investigator
CTR

X-Ways Investigator icon

X-Ways Investigator CTR is an even further reduced version of X-Ways Investigator, which can open only the evidence file containers of X-Ways Forensics and X-Ways Investigator (raw format or .e01 evidence file), no other images and no disks/media. X-Ways Investigator CTR is suitable exclusively as an add-on to X-Ways Forensics when splitting up the analysis work across multiple investigators/specialist or when providing files in containers to lawyers or other people involved in the case, like an extremely powerful viewer program for containers. Findings can be exported from X-Ways Investigator CTR and imported back into the main case in X-Ways Forensics if desired.

Further limitations compared to X-Ways Investigator:

  • hash computation and hash database not available
  • menu commands for exporting lists/subtrees not available
  • only option to refine the volume snapshot: metadata extraction
  • attaching external files not possible
  • GREP syntax not supported for searching
  • case log not included in case report
  • internal ID columns missing

All this for a price less than half of X-Ways Investigator. To verify what functionality exactly is available in X-Ways Forensics CTR, you can activate the user interface of X-Ways Investigator CTR in the General Options dialog window in X-Ways Forensics.

 

Newsletter subscription
Would you like to be kept informed of updates? Please enter your e-mail address:

Previous newsletter issues here.

News


Screenshot