X-Ways C# X-Tension API

We’ve been quietly developing digital forensics tools and forensic software to assist in our analysis for almost 10 years, and until recently, all of that source code has been sitting around and collecting dust.  As time permits, we will be dusting it off, adding some updates, and releasing some of it to the public.

Think of it as our way of saying thank you to everyone who has written articles, published research, or contributed software/code to the forensic community.

These utilities are provided “as-is” and are free for both personal and commercial use. As with any software, including ours, you should always independently validate your findings.  Oh, and if you find any of our utilities useful, feel free to drop by @chadgough or @4Discovery on Twitter and say thanks. Bug reports and feature requests are always welcome!

X-Ways C# X-Tension API

Extend the functionality of X-Ways Forensics

Description

Starting with X-Ways Forensics v16.4 (released in early 2012), investigators have been able to automate and extend the functionality of X-Ways Forensics with X-Tensions. Since X-Tensions can be written in any programming language, the possibilities are endless. Source code for Visual Studio 2010 can be downloaded below or cloned from GitHub at https://github.com/chadgough/x-tensions

Helper Methods and Wrappers

In order to speed up development of new X-Tensions, we created some helper methods for commonly used operations.

XWFGetVolumeName 
XWFGetReportTableAssocs 
XWFGetSectorContents 
XWFGetItemType 
XWFGetVolumeInformation 
XWFSearchWithoutCodePages 
ReadItem(IntPtr hItem) 
GetFullPath(Int32 itemId) 
CreateFileFromExternalFile 
CreateSearchInfo

Features

  • This is a full feature compliant port of the C++ demo located here
  • All exported functions are present

C# X-Tensions API

  • Updated to support 16.9 X-Ways

References

X-Ways Forensics X-Tensions API Documentation