v19.9 was just released (Nov 14, 2019). Additional improvements:
* Ability to detect Windows 10 PE as a platform.
* Some more improvements for high DPI settings.
* Improved logic for the search hit filter: Ability to focus on search hits whose context does NOT contain a certain word. Ability to logically combine all filter options with a logical OR or AND.
* Context menu command to unmark all search hits in the evidence object(s) represented by the current data window as notable. This allows for incremental filtering. Example: You filter for search hits whose context contains the word "Hello". Then you mark those hits as notable (Ctrl+A plus context menu command). Then you filter for search hits that are notable AND contain the word "Hey". Then you unmark all search hits (even those that are currently not listed), which has no immediate effect on the presented list, and mark those that are listed as notable. The result is that all search hits that contain both "Hello" and "Hey" in their context are now marked as notable.
* Images of a case are now found automatically in the case directory if they are not remembered to be there previously (this condition existed in earlier versions). This works even if the path of a case has changed.
* A dedicated case-specific default path for images can now be defined in the properties of a case, which then overrides the generic default path for images. The case-specific path may be a relative path, where a . refers to the case directory and .. to the parent directory of the case directory. Please note that for performance reasons it can be advisable to store cases and images on different physical storage devices. If you define a case-specific image path in v19.9 and open the case in v19.8 or earlier, you will get a warning about unknown data being ignored and lost, but can still work with that case in the older version.
* Merely switching from one data window to another, for example using the tab control, does not highlight the evidence object or its current directory in the Case Data window any more if Sync mode is disabled in the Case Root window. The Case Root window does not support directory navigation, hence its newly introduced Sync button can have this special meaning.
* Ability to uncover JPEG objects in PDF documents with a certain wrong encoding.
* Some minor improvements.
SR-1 (Nov 24, 2019):
* Fixed usage of predefined Project Vic categories.
* PDF conversion failed for certain extracted files. That was fixed.
* Some timestamps in UTC were displayed in v19.9 as if they were stored in local time. That was fixed.
* Fixed an exception error that could occur in v19.9 when extracting internal metadata specifically without "Content created" timestamps.
* Fixed an exception error that could occur when extracting metadata from certain QuickTime video files.
* Fixed screenshot paths in the activity log of cases created with v19.9.
Brett Shavers and Eric Zimmerman (Auth.) - X-Ways Forensics Practitioner’s Guide-Syngress (2014) - > XWF TIPS AND TRICKS
Getting WinHex in XWF versions 17.1 and later
Starting with version 17.1 of XWF, Winhex.exe is no longer distributed as a separate file. The reason for this is that there is a significant overlap in the code base between XWF and WinHex. You can, however, access WinHex’s write capabilities by making a copy of the xwforensics.exe file and renaming it WinHex.exe. If you need a 64-bit version, rename xwforensics64.exe to WinHex64.exe.
* Updated RunCount interpretation in Prefetch files based on Windows 10 versions 1903 and 1909.
* On request (after prompting the user), accepts certain malformed Ext* superblocks as valid.
* Recognizes Ext4 volumes with the bigalloc feature as Ext4.
* More precise type classifications of events extracted from WebCacheV01.dat files as Cookie timestamps and modification timestamps.
* Avoided indexing interruption by "Numeric limits exceeded" error in v19.8 and v19.9.
* New notation option that uses a special backslash character in paths in order to force path components to be displayed strictly in left-to-right order even if multiple consecutive components are in Arabic or Hebrew. Currently this has an effect in the Path columns of the directory browser, the caption line of the directory browser, and the path line in the Info Pane.
* Internal graphics viewing library updated for PNG.
* Avoided certain unnecessary reminders to use the latest version of the viewer component.
* Fixed occasional change of the "Omit unchecked/unselected items" setting of textual dialog window representations.
* Several minor improvements.
FYI, "converting" individual original PDF documents to PDF format for report generation or during Recover/Copy can make sense to security-minded users because it will not transfer potentially malicious JavaScript code from the original files to the newly generated PDF files.
SR-3:
* Fixed reset of the amount of memory used for indexing when the dialog window with the settings was opened.
* Fixed potential rejection of indexes as invalid.
* Prevented some loss of functionality that could occur when parsing certain misidentified CDFS data structures.
* APFS: Unnecessary repeats of the message informing the user about unsupported high Catalog IDs are now avoided.
* The option to omit unselected items in dialog windows from text representations does not have an effect on checkboxes and radio buttons any more, only lists.
* That option is now more prominently shown in the Case Properties dialog window for textual screenshots of the case's activity log.
* Output of a reserved backward compatibility GUID variant by Microsoft in the Data Interpreter and in templates.
* Some other minor improvements.
* Supersedes expiring previous service release.
* The files Indexer.exe and Indexer64.exe were updated in the download.
* Works with 4095 MB RAM per indexing thread as suggested by the GUI, instead of just 4000 MB at maximum.
* Fixed search in indexes that were spread across two drives because of storage space issues.
SR-4:
* Fixed problem with exchanging clipboard data between multiple simultaneous instances.
* Fixed certain unsuccessful index searches for sequences of Asian language characters.