X-Ways Trace Prepared By: Leen F. Arikat Supervisor: Dr. Lo’ai Tawalbeh.


What is Computer Forensics
Computer Forensics is defined as the science of collecting evidence that assists in discovering illegal activities carried out using any computer media.
Many types of computer forensics tools have been launched lately; X-Ways Trace is an example of such tools.

X-Ways Trace
A computer forensics tool that lets you track and examine web browsing activity and the deletion of files through the Windows recycle bin that took place on a certain computer.

X-Ways Trace 2.5
© 2003 X-Ways Software Technology AG
Postal address: Carl-Diem-Str Bünde Germany address: Fax:
First released in May 2003, last updated in April
The following operating systems are supported:
- Windows 95/98/Me
- Windows NT 4.0
- Windows 2000
- Windows XP
Product web site: Company homepage: /

How does X-Ways Trace work?
- Deciphers Internet Explorer's ever-growing internal history/cache file index.dat.
  - Displays complete URLs, date and time of the last visit, user names, file sizes, filename extensions, and more.
  - Allows sorting by any criterion.

How does X-Ways Trace work? Cont..
- X-Ways Trace interprets the browser history file "history.dat" left behind by Mozilla/Firefox.
- X-Ways Trace interprets the browser cache file "dcache4.url" produced by Opera.

How does X-Ways Trace work? Cont..
- Reads from one or more files you specify.
- Searches complete folders and subfolders.
- Searches entire hard disks (or raw images of hard disks) in allocated space, free space, and slack space for traces of someone having surfed the Internet.

How does X-Ways Trace work? Cont..
- Also deciphers the hidden Windows recycle bin file info2 located in every Recycled/Recycler folder.
  - Displays the original path and filename.
  - Displays date and time of deletion.
  - Displays file size, and more, sometimes even if the recycle bin has been emptied.
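The following Python parser is an added example, not part of the original slides and not X-Ways code; it reads the fields listed above (original path, deletion time, file size) from an info2 file. The 20-byte header, the 280/800-byte record sizes, the field offsets and the zeroed first byte of a removed entry are assumptions taken from the commonly documented Windows 9x/2000/XP layout, and `parse_info2`, `sample_record` and `SAMPLE_INFO2` are hypothetical names with constructed sample bytes.

```python
import struct
from datetime import datetime, timedelta, timezone

HEADER_SIZE = 20   # assumed layout: record size is the DWORD at offset 12
EPOCH_1601 = datetime(1601, 1, 1, tzinfo=timezone.utc)  # FILETIME epoch

def filetime_to_utc(ft):
    # FILETIME counts 100 ns ticks since 1601-01-01 UTC.
    return EPOCH_1601 + timedelta(microseconds=ft // 10)

def parse_info2(data):
    """Return original path, deletion time and size for each INFO2 record."""
    if len(data) < HEADER_SIZE:
        raise ValueError("too short for an INFO2 header")
    (rec_size,) = struct.unpack_from("<I", data, 12)
    if rec_size not in (280, 800):      # 280 = ANSI only, 800 = ANSI + UTF-16
        raise ValueError(f"unexpected record size {rec_size}")
    out = []
    for off in range(HEADER_SIZE, len(data) - rec_size + 1, rec_size):
        rec = data[off:off + rec_size]
        index, drive, ftime, size = struct.unpack_from("<IIQI", rec, 260)
        # Assumed behaviour: the first path byte is zeroed once the entry has
        # left the bin; the stored drive number gives the letter back.
        removed = rec[0] == 0
        first = (chr(65 + drive) if drive < 26 else "?") if removed else chr(rec[0])
        path = first + rec[1:260].split(b"\0", 1)[0].decode("cp1252", "replace")
        if rec_size == 800:             # prefer the UTF-16 copy when present
            wide = rec[280:800].decode("utf-16-le", "replace")
            path = wide.split("\0", 1)[0] or path
        out.append({"index": index, "path": path, "removed": removed,
                    "deleted_utc": filetime_to_utc(ftime), "size": size})
    return out

def sample_record(path, index, deleted, size, removed=False):
    """Build one constructed 800-byte record (test data, not a real case)."""
    ansi = path.encode("cp1252").ljust(260, b"\0")
    if removed:
        ansi = b"\0" + ansi[1:]
    ftime = (deleted - EPOCH_1601) // timedelta(microseconds=1) * 10
    fixed = struct.pack("<IIQI", index, ord(path[0]) - ord("A"), ftime, size)
    return ansi + fixed + path.encode("utf-16-le").ljust(520, b"\0")

MAY_1 = datetime(2003, 5, 1, tzinfo=timezone.utc)
SAMPLE_INFO2 = (struct.pack("<5I", 5, 0, 0, 800, 0)
                + sample_record(r"C:\Temp\report.doc", 1, MAY_1, 24576)
                + sample_record(r"D:\notes.txt", 2, MAY_1, 512, removed=True))

if __name__ == "__main__":
    for entry in parse_info2(SAMPLE_INFO2):
        print(entry)
```

Deletion times come out in UTC; converting them to the examiner's zone is a separate, explicit step.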

X-Ways Trace features
- All the details compiled by X-Ways Trace can be exported to MS Excel.
- The files/disks examined by X-Ways Trace will not be altered by the examination.
- X-Ways Trace is part of Evidor, but can be ordered separately.

What is Evidor?
- Evidor is software for lawyers, law firms, corporate law and IT security departments, licensed investigators, and law enforcement agencies. Evidor is a small subset of just the search functionality in X-Ways Forensics.

What does Evidor do?
- Evidor lets you search for text on hard disks.
- It retrieves the context of keyword occurrences on computer media by examining all allocated space and also currently unallocated space called slack space.
- It can even find data from files that have been deleted, if the data still physically exists.
- Please note that Evidor cannot access remote networked hard disks.

X-Ways Trace implementation

File Menu
- Open File: Use this to open one or more index.dat files. Any file that is opened is automatically searched for MS Internet Explorer's log entries.
  - Windows usually prevents you from opening the main index.dat file in the browser cache folder with Open File.
  - Other index.dat files, such as the one in the Cookie subfolder of a user profile, can be accessed normally.

File Menu Cont..
- Open Folder: This command is used to open and examine several files at a time. Select a folder in which to open files. Subfolders are optionally browsed, too.

File Menu Cont..
- Open Disks: X-Ways Trace allows you to access floppy and hard disks below file system level. You may access a disk either logically or physically. On most computer systems you can even access CD-ROM and DVD media.
  - A disk that is opened will be entirely searched for index.dat file records, including free space, slack space, Windows swap files, etc.
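Searching below file system level works because index.dat records can be recognised by signature wherever they sit on the disk. The following Python carver is an added example, not part of the original slides and not X-Ways code; the "URL " signature, the 128-byte block count at offset 4, the FILETIMEs at offsets 8 and 16 and the URL offset field at 0x34 are assumptions taken from the commonly documented Internet Explorer 5.x layout, and `carve_url_records`, `decode_at`, `sample_record` and `SAMPLE_IMAGE` are hypothetical names with constructed sample bytes.

```python
import struct
from datetime import datetime, timedelta, timezone

BLOCK = 128           # assumed: record length is counted in 128-byte blocks
URL_OFF_FIELD = 0x34  # assumed: DWORD holding the URL string's offset
EPOCH_1601 = datetime(1601, 1, 1, tzinfo=timezone.utc)  # FILETIME epoch

def decode_at(image, pos, max_blocks):
    """Decode a candidate record at pos, or return None if implausible."""
    if pos + URL_OFF_FIELD + 4 > len(image):
        return None                       # fixed fields cut off by end of data
    blocks, _modified, accessed = struct.unpack_from("<IQQ", image, pos + 4)
    (url_off,) = struct.unpack_from("<I", image, pos + URL_OFF_FIELD)
    # "URL " also occurs by chance in raw data, so check the fields make sense.
    if not 1 <= blocks <= max_blocks or not URL_OFF_FIELD + 4 <= url_off < blocks * BLOCK:
        return None
    end = image.find(b"\0", pos + url_off, pos + blocks * BLOCK)
    url = image[pos + url_off:end] if end != -1 else b""
    if not url or any(b < 0x20 or b > 0x7E for b in url):
        return None                       # truncated or non-text URL field
    return {"offset": pos, "url": url.decode("ascii"),
            "accessed_utc": EPOCH_1601 + timedelta(microseconds=accessed // 10)}

def carve_url_records(image, max_blocks=64):
    """Scan raw bytes (file, free space, slack) for index.dat URL records."""
    hits, pos = [], image.find(b"URL ")
    while pos != -1:
        hit = decode_at(image, pos, max_blocks)
        if hit:
            hits.append(hit)
        pos = image.find(b"URL ", pos + 1)
    return hits

def sample_record(url, accessed):
    """Build one constructed 256-byte record (test data, not a real case)."""
    ft = (accessed - EPOCH_1601) // timedelta(microseconds=1) * 10
    rec = struct.pack("<4sIQQ", b"URL ", 2, ft, ft).ljust(URL_OFF_FIELD, b"\0")
    rec = (rec + struct.pack("<I", 0x68)).ljust(0x68, b"\0")
    return (rec + url.encode("ascii") + b"\0").ljust(2 * BLOCK, b"\0")

# Constructed "disk": a chance match in text, filler, then one real record.
SAMPLE_IMAGE = (b"type the URL in the address bar".ljust(512, b"\xe5")
                + sample_record("Visited: user@http://www.example.com/index.html",
                                datetime(2003, 5, 1, 12, 30, tzinfo=timezone.utc))
                + bytes(512))

if __name__ == "__main__":
    for hit in carve_url_records(SAMPLE_IMAGE):
        print(hit)
```

The reported byte offset lets an examiner go back to the exact location in the image to confirm each hit in a hex editor.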

File Menu Cont..
- Export: Allows you to save the currently displayed list as a tab-delimited text file, e.g. for export to and further processing in MS Excel.
- Exit: Use this command to end X-Ways Trace. The currently displayed list will be lost.

Edit Menu
- Copy URL: Copies the full Internet address of the selected line of an index.dat file as plain text to the clipboard.
- Copy Filename: Copies the full filename and path of the selected line of an info2 file as plain text to the clipboard.
- Look up on Internet: Runs your Internet browser and points it to the address of the selected line, so you can check out that page or picture yourself, provided it is still available.

Edit Menu Cont..
- Open in WinHex: Runs WinHex and opens the current file or logical drive. Only available if WinHex is installed on your computer.
- Find Text: This command is used to search for the specified text (e.g. domain, file, or user name) of up to 50 characters in the current file or disk (cf. Search Options).
- Continue Search: Lets you continue the last executed search operation in the current file or disk at the current position.

Edit Menu Cont..
- Continue Global Search: This command is used to continue a global search operation in the next file.
- Remove: Deletes the currently selected item(s) from the list. Does not delete the URLs from the open file or disk.
- Convert to Local Time: Causes X-Ways Trace to adjust all date & time data to your local time zone, as defined in the Windows Control Panel.

Window Menu
- Window Manager: Displays all windows and provides "instant window switching" functionality. You may also close windows.
- Close All: Closes all windows and thus all open files and disks.
- Close All Without Prompting: Closes all windows and thus all opened files and disks without giving you the opportunity to save your modifications.

Window Menu Cont..
- Cascade/Tile: Arranges the windows in the aforementioned way.
- Minimize All: Minimizes all windows.
- Arrange Icons: This command arranges all minimized windows.

Help Menu
- Contents: Displays the contents of the program help.
- Setup: Lets you switch between the English, the German, and the French user interface.
- Initialize: Use this command to restore the default settings of X-Ways Trace. Alternatively, delete the trace.cfg file before running the program.

Help Menu Cont..
- Uninstall: Use this command to remove X-Ways Trace from your system.
- Online: Opens the X-Ways Trace homepage ( or the support forum ( in your browser.
- About WinHex: Displays information about WinHex (the program version, your license status, and more).