X-Ways Forensics.

A commercial Windows-based digital forensics suite by X-Ways AG, known for its speed, low system footprint, hex-level visibility, and broad filesystem support — a long-running mainstay of European law-enforcement and corporate DFIR labs. サイバーセキュリティの フォレンジックと IR カテゴリに属します。

A commercial Windows-based digital forensics suite by X-Ways AG, known for its speed, low system footprint, hex-level visibility, and broad filesystem support — a long-running mainstay of European law-enforcement and corporate DFIR labs.

X-Ways Forensics is a commercial Windows-only forensic platform developed by X-Ways AG (Germany) and widely used in law enforcement, government, and corporate IR labs in Europe and beyond. It descends from the hex editor WinHex and retains an unusually deep, low-level view of evidence: byte-level inspection, raw cluster mapping, manual interpretation of partition tables, custom file-system parsing, and full access to slack space, unallocated space, and damaged structures. Higher-level features include disk imaging, hash-set matching (NSRL and custom), file-type signature identification independent of extension, indexing for full-text search, registry parsing, gallery views, timeline building, $LogFile and $UsnJrnl parsing, full Volume Shadow Copy access, and report generation. Compared to EnCase or FTK, X-Ways is known for being lightweight (single executable, modest RAM/CPU needs), fast on large evidence, and offering very detailed manual control — at the cost of a more terse UI and a steeper learning curve. It supports a wide range of filesystems including NTFS, exFAT, FAT, ReFS, Ext2-4, HFS+, APFS, XFS, UFS, JFS, and several mobile formats via imports.

X-Ways Forensics に対する防御は通常、上記の定義で述べたとおり、技術的統制と運用上の実践を組み合わせます。

一般的な別名: X-Ways, X-Ways Forensics suite。