Tyrhex 4+
Yves Vandermeer
-
- Free
Screenshots
Description
In my extensive experience training IT forensics investigators about file systems and file systems artefacts, I have never found a tool that allows you to easily “explore” evidence, while still maintaining a byte-level view. To my knowledge, this tool does not exist. Therefore I had to develop it!
Tyrhex is based on the experience of file systems forensics practitioners. It can help users understand the main concepts of this practise, compare the results produced by other forensic software, investigate damaged devices and explain results in courtroom scenarios.
Core inovative concepts :
Ability to isolate certain byte strings, lock the offset you wish to use as reference, choose a particular unit and identify the value and possibly use this value to move by the value to a new position.
Historical bookmarking so that important data areas can be accessed later when referring to a particular stage of the analysis.
Ability to search for artefacts in damaged file systems and, by using the quick search features, create a virtual volume with estimated properties. The volume can alos be browsed as it is being repaired.
Automatic generation of colour coded combined with user defined bookmarks to support the explanation of findings and reverse engineering techniques
Provision of a detailled reporting system that can be used when comparing the results to the outputs of other forensic tools.
Strong objective-C classes used to analyse file systems and file system artefacts. These classes are not dependent of external algorithms, which is useful when crosschecking the results produced by other tools.
Used in a classroom, Tyrhex, provides visual support all logical structures that are embedded in file systems.
What’s New
Version 2.2
As reaction to latest terrorist attacks, and to support law enforcement efforts, Tyrhex becomes free.
2.2 :
- help now expanded, including all interface shortcuts and core concepts
- text reporting reviewed, including detailed report for data stream with allocation anomalies if any
- export text report to a text file using main menu
2.1 :
- exFAT "orphan" 32 bytes entries better handled
- blocks allocation checked when opening allocation details
2.0 :
- case file can now be open from the finder
- locked volume « Home » button allows to open straight root folder (NTFS, FAT, exFAT)
- enhanced file stream description in properties view
- MBR extended partition handled and Extend Boot Record automatically marked
- NTFS data runs color coded : compressed (red) and sparse (green)
- first FAT table location now automatically bookmarked for FAT16/32 and exFAT
- $Bitmap location now automatically bookmarked for exFAT and NTFS
- jump straight from one block to associated bitmap position and vice-versa
- FAT long file names now rebuild also for deleted entries
- exFAT fully implemented including bitmap allocation "file"
- exFAT deleted files can be recovered, including not overwritten fragmented ones
- enhanced exFAT entries detection on damaged volumes
- file system type detected or selected when analysing file entry shown in entry properties
- modification of allocated blocks for volumes « catalogs » file or file entries are now editable and stored. When modified, associated bookmark or volume entry is listed in red color
- when selecting an offset, existing bookmark and volume (if any) are automatically selected
Ratings and Reviews
An excellent tool for the fight against evil!
Ther developer of this tool should be proud of themselves. This is an excellent tool and so veryeasy to use. It gives you the quick information you need without having to fire-up your PC and run an expensive forensic tool. I am in law enforcement and have used this tool and taken it through the paces. I am thrilled with it and wish the developer would make more Mac based fornesic tools! Thank you Yves Vandermeer for your programming skills and dedication to forensics!
Impressively powerful data forensics tool.
Use it professionally (non-IT/legal) and will continue to do so as long as it is supported. Highly recommended.
But What Does it -Actually- Do??
There are plenty of words and pictures describing this application. Unfortunately none of them describe its features or uses. Categorized with Developer Tools, it looks like a hex editor. It is NOT a hex editor. The description of the app is a bizarre rant about IT forensics training, courtroom scenarios, "evidence" and case files. None of it describes anything to do with software development.
App Privacy
The developer, Yves Vandermeer, has not provided details about its privacy practices and handling of data to Apple.
No Details Provided
The developer will be required to provide privacy details when they submit their next app update.
Information
- Seller
- Yves Vandermeer
- Size
- 4.8 MB
- Category
- Developer Tools
- Compatibility
-
- Mac
- Requires macOS 10.9 or later.
- Languages
-
English
- Age Rating
- 4+
- Copyright
- © Yves Vandermeer
- Price
- Free