X-Ways Software Technology
X-Ways Software Technology AG is a business incorporated under the laws of the Federal Republic of Germany as a stock corporation.

X-Ways is the leading developer and supplier of computer forensics software in Europe. Our software is used for computer forensics, electronic discovery, data recovery, low-level data processing, and IT security. Plus we offer computer forensics training and courses for our software and data recovery services.

Our main products WinHex and its forensic edition X-Ways Forensics have more than 35,000 registered users all over the world, including home computer enthusiasts as well as professionals in all kinds of businesses, public administration, education, U.S. federal law enforcement, government and intelligence agencies, and in the military. Excerpt from our official customer list (referenced with permission): Microsoft Corp., Hewlett Packard, Toshiba Europe, Novell Inc., National Semiconductor, Ontrack Data International Inc., KPMG Forensic, Ernst & Young, Siemens AG, Siemens Business Services, Siemens VDO AG, Infineon Technologies Flash GmbH & Co. KG, Lockheed Martin, BAE Systems, Ericsson, TDK Corporation, Seoul Mobile Telecom, German Aerospace Center, Visa International, Commerzbank AG, Technical University of Vienna, Technical University of Munich (Institute of Computer Science), Oak Ridge National Laboratory in Tennessee, German Aerospace Center, German federal bureau of aviation accident investigation, law enforcement agency of Lower Saxony, Australian Department of Defence.

Capture

X-Ways Capture is a specialized computer forensics tool for the evidence collection phase of a forensic investigation. It captures live Windows and Linux systems, gathering all data from the running computer, e.g. onto an external USB hard disk, so that during the analysis even encrypted or otherwise protected data can be examined if it was unlocked at the time the system was acquired.

  • X-Ways Capture searches for indications of known or unknown resident encryption software with different methods and reports them.
  • Detects active ATA hard disk password protection.
  • Dumps the physical RAM and the virtual memory of all running processes.
  • Acquires all connected media as either “dd” raw images or evidence files/.e01 files (physical acquisition), either mandatorily or depending on the results of the encryption and password protection checks.
  • Copies all readable files from all drives and directories to the target disk (logical acquisition), either mandatorily or depending on the results of the encryption checks.
  • All steps and settings are fully user-configurable in advance and can even be completely enabled or disabled.
  • You can expand the list of known encryption software products that X-Ways Capture will detect.
  • Creates a thorough log of all findings and actions.

Resident encryption software such as “PGP Desktop” or “BestCrypt” can be detected by known program names or signatures. Encrypted, but currently unlocked containers/virtual drives will be successfully acquired when copying files logically. The same holds true for NTFS/EFS-encrypted files that the logged-on user can read. Fully encrypted hard disks (such as provided by software products like “SecureDoc” or “CompuSec”) or fully encrypted volumes (such as used by TrueCrypt or BitLocker) will be detected as such generically and successfully acquired by physical imaging, if currently unlocked.

X-Ways Capture consists of two modules, one for Windows 2000/XP*, the other for Linux (Intel x86 architecture each). X-Ways Capture is a command line program that utilizes little main memory. The language can be switched between English and German. X-Ways Capture is easy to use because once you have tailored its logic to your needs, it will always do all the work for you on its own when on site.

Compared to X-Ways Forensics, the specialties of X-Ways Capture are that it:

  • runs under Linux also, not only Windows
  • runs preconfigured steps automatically without additional user interaction
  • automatically detects various encryption schemes/password protection
  • can optionally use those results to make an intelligent choice about whether to acquire the system immediately and automatically while it is still running.

Important

The user needs to be aware that attaching another medium to a running computer and executing X-Ways Capture will slightly alter the system, at least a small amount of main memory. To keep X-Ways Capture as small as possible, it was designed without a graphical user interface, so that it alters as little memory as possible upon loading. In order to safeguard protected data in a decrypted state, you have no choice but to accept such a minor alteration. Also please note that, from the point of view of the operating system, a hard disk may not be in a consistent state during a live acquisition (e.g. because temporary files were in use). Dumping physical RAM and physically imaging media requires administrator/root rights.

© Fulcrum Management 2012