The XWF Internal Hash Database and the Registry Viewer

Abstract

This chapter details using hash sets to identify, compare, and optionally hide files based on known hash values. You can save a considerable amount of time when thorough hash sets are available for certain types of investigations. X-Ways Forensics (XWF) contains robust hashing capabilities that allow for quickly finding items of interest or eliminating nonpertinent files in a case. There is virtually no limit to the number of individual hash sets that you can create in XWF.

The second section of this chapter details the use of the XWF Registry Viewer, generating reports based on registry hives, and finally, including them in your main XWF report.