X-Ways Forensics.

A commercial Windows-based digital forensics suite by X-Ways AG, known for its speed, low system footprint, hex-level visibility, and broad filesystem support — a long-running mainstay of European law-enforcement and corporate DFIR labs. Es gehört zur Kategorie Forensik und Incident Response der Cybersicherheit.

A commercial Windows-based digital forensics suite by X-Ways AG, known for its speed, low system footprint, hex-level visibility, and broad filesystem support — a long-running mainstay of European law-enforcement and corporate DFIR labs.

X-Ways Forensics is a commercial Windows-only forensic platform developed by X-Ways AG (Germany) and widely used in law enforcement, government, and corporate IR labs in Europe and beyond. It descends from the hex editor WinHex and retains an unusually deep, low-level view of evidence: byte-level inspection, raw cluster mapping, manual interpretation of partition tables, custom file-system parsing, and full access to slack space, unallocated space, and damaged structures. Higher-level features include disk imaging, hash-set matching (NSRL and custom), file-type signature identification independent of extension, indexing for full-text search, registry parsing, gallery views, timeline building, $LogFile and $UsnJrnl parsing, full Volume Shadow Copy access, and report generation. Compared to EnCase or FTK, X-Ways is known for being lightweight (single executable, modest RAM/CPU needs), fast on large evidence, and offering very detailed manual control — at the cost of a more terse UI and a steeper learning curve. It supports a wide range of filesystems including NTFS, exFAT, FAT, ReFS, Ext2-4, HFS+, APFS, XFS, UFS, JFS, and several mobile formats via imports.

Schutzmaßnahmen gegen X-Ways Forensics kombinieren typischerweise technische Kontrollen und operative Praktiken, wie in der Definition oben beschrieben.

Übliche alternative Bezeichnungen: X-Ways, X-Ways Forensics suite.