FAQ

To request a quotation, I only need to know the name of your agency, the contact information for the main POC (Point of Contact), and the number of licenses needed. Email sales@jedsontech.com to request a quote, which will be returned by email. Once the quotation is approved, we will need a 'request' file for each license requested. This can be done by inserting each X-Ways Forensics dongle in turn, then running the DLL on a small case. The 'request' file for each dongle will have a unique name, so just copy them all back into an email to us with your formal request for an invoice. For a network license, only one request file will be required, as all users will have the same ID, and X-Ways Forensics will ensure that the number of licensed users is not exceed at any given time.

Once your request is received, you will be issued short term keys until payment is received, at which time 365 day keys will be issued. The ID of each dongle for which a license was purchased will be annotated on the invoice, and can be used to generate 'key' files in the future as a backup, or for a yearly renewal.

A Dynamic Link Library is a file that contains library functions that can be called by an executable or another DLL. Can be used to dynamically (i.e. at run-time) extend the capabilities of an application. Because it is loaded only when needed, and can be unloaded as desired, it can add functionality to an application without increasing the size of the main executable, and further, supports separate development efforts. Thus, the DLL can be updated independently of the executable, and vice-versa, unless new functions are added that are required by one or the other.

For our DLL's, there is a distinction between 'versions' and 'variants':

• • A 'version' is essentially an update from the previous release that contains bug fixes or new features

  • A 'variant' is internally significantly different as it supports a different processing chain, report file types, or end-user application. For example, the baseline 'variant' which supports 'C4All' creates much different report files than the 'variant' designed for Semantics 21.

If you have an issue with the operation of the DLL, or think you may have found a bug, please let me know via email at software@jedsontech.com. It will be very helpful if you attach the generated reports (XML and TXT files), and generally you need only provide snippets of those if they become too large: information at the beginning and end of the XML export is essential, but repetitive file information is not required. Also, using the logging feature described below will produce a TXT file that captures the internal processing of the DLL and may be required as well.

If you run the DLL as the baseline version (i.e. without a valid and current licenses 'key' file), the DLL will create a 'request' file (with the format 'XwaysKPF_NewKey_XXXXXX.req' or 'Semantics21_NewKey_XXXXXX.req') where 'XXXXXX' are the first 6 characters of the X-Ways license ID (which itself is 32 hexadecimal digits). The file also contains the time the file was generated, as well as the variant of the DLL and number of simultaneous users if the X-Ways license is network based. This 'req' file can also be generated manually by clicking the 'Full Version Info' button on the main DLL dialog, then clicking 'Generate' on the subsequent dialog. The 'req' file will again be generated in the same folder as the DLL itself. This folder can also be opened directly by clicking the 'Open Folder' button on the same dialog.

With the exception of the file extension 'key', the name of the key files are not important. All of the pertinent information (dongle ID, variant, expiration date, etc) is encrypted within the data contents of the file. Feel free to rename your file to anything you prefer in order to keep track of your key. Just leave the file extension (i.e. 'type') alone. Note that the DLL will automatically rename the extension to 'key_expired' when it encounters a key file that has in fact expired. None of the content is changed, so renaming it back to a 'key' file will cause the DLL to verify is once again the next time it is run.

I do not pass on any email addresses to any other person, business, entity, etc. Further, when I send out my version update notification via 'mass emailing', I put all email recipients in the BCC (Blind Carbon Copy) field so that your email addresses are protected, even from one another.

The set of image types supported by the X-tension include (grouped for clarity, and in no particular order):

• • "jpg", "bmp", "emf", "gif", "jp2",

  • "jpe", "jpeg", "jpx", "psd", "png",

  • "tif", "tiff", "dng", "arw", "sr2",

  • "srf", "cr2", "raf", "nef", "nrw",

  • "orf", "rw2", "heic", "ktx", "raw" and "webp"

Video types supported (i.e. fully processed) by the X-tension correspond to the types originally supported by the baseline 'C4All' variant (XwaysKPF_x64). These include (grouping for clarity):

• • "mp4", "mpeg", "mpg", "avi", "mov",

  • "mp2v", "m2v", "m2ts", "m2t", "wmv",

• "flv", "3g2", "3gp", "3gpp", "mkv",

• "m1v", "m4v", "f4v", "3ga" and "mts"

Additional video types supported by the full key include (again, grouped simply for clarity):

• • "4x", "4xm", "60d", "ajp", "amv",

  • "arf", "asf", "bik", "bnk1", "bvr",

  • "camrec", "csmil", "cwm", "dat7", "dav",

  • "dce", "dcr1", "divx", "dmb", "dsm",

• • "dv", "dv4", "dvr-ms", "dxr", "eye",

  • "flc", "fli", "flv2", "gmv1", "irf",

  • "ismv", "ivf", "ivr", "mj2", "mjpg",

  • "mpe", "mpv", "mqv", "mtv", "mvd",

  • "mvp", "mxf", "mxv", "nsv", "nut",

  • "nuv", "ogm", "ogv", "ogx",

  • "omf", "otrkey", "pmf1", "qt", "r3d",

  • "rm", "rmvb", "roq", "rv", "rvx",

  • "scm", "smk", "tivo", "ts", "ub1",

  • "vcr", "vem", "vfo", "vgz", "viv",

  • "vob", "voc", "vp6", "vro", "vse",

  • "webm", "wp3", "wtv", "xesc" and "zmv"

For housekeeping reasons, we maintain a copy of all past versions of the DLL, such as 'XwaysKPF_x64_v3.6.8.c.dll', where the version number is '3.6.8.c'. If you download a new 'numbered' version of the DLL, you will need to carefully select the correct version when you call the DLL from within X-Ways Forensics. To simplify updates, simply download the 'base' version (XwaysKPF_x64.dll) into the same location as the previous version and you are good to go. Normally, applications and DLL's store their registry information by company name and application/DLL name, in which case you would end up with entries for each version you have run, and the stored settings from one version will then not propagate when the updated version is run. These DLL's will write to the same registry key, regardless of version number. Each variant has its own key, which every version of that variant then shares. To receive notifications when new versions are released, please follow this link and submit your email address and agency information.

One of the key features of the DLL is to use the report table associations setup in X-ways to count the number of notable and irrelevant files. To accomplish this, the table names need to adhere to a few certain rules so that the DLL can properly extract (or parse) the category number from the table name:

• • Table names need to start with 'Category', 'Cat' or the specific name 'NSRL'. For these three names, upper or lower case can be used and is ignored. Thus 'CAT', 'Cat' or 'cat' are acceptable, and even 'CaTeGoRy' for those who are challenged by the keyboard;

  • The category number (for the first two options) can immediately follow the text, or have a single space prior to the number. Thus 'Cat1' and 'Cat 1' are both valid, but 'Cat 1' is not. Numbers after 'NSRL' are ignored;

  • Any characters after the number (please use a space after the number) are ignored. So 'Cat 1 ProjectVIC' would still be parsed as a 'category 1' table; and

  • Starting in Version 3.6.12.k, you will now be able to put text in front of 'Cat', 'Category', etc, as long as a space ' ' separates the words. Thus, 'ProjVIC Cat 3' or even 'Project VIC Cat 3' will be parsed correctly, but not 'ProjVicCat 3'.

A 'jxb' (Jedson encrypted binary) file is an encrypted version of any file type such that it can be passed through email and company firewalls. The encryption of the original file is based on the AES standard, and a header (also encrypted) is pre-pended to the 'jxb' file to contain the following information about the original un-encrypted file:

• • Original file length;

  • Creation, modification and access times of the original file;

  • File name and extension of the original file (but not the original folder path);

• Attributes (read-only, hidden, etc) or the original file; and

• CRC32 (32-bit Cyclic Redundancy Check) of the original file contents, ensures file was not corrupted at the byte or even bit level.

Since the 'jxb' file contains the original filename, the 'jxb' file can be conveniently renamed to anything the sender desires for clarification, but when decrypted using Jedsonite.exe or JedsoniteDC.exe the resulting file will have the name, file times and attributes of the original, thus duplicating as close as possible the original file.

Because of the encrypted header of the 'jxb', the encrypted file can even be renamed with a different extension, or remove the extension altogether. In either case, when the encrypted file is dropped onto either the Jedsonite or JedsoniteDC icons, the file will be identified as an encrypted file and decrypted. For this reason, I refer to any file encrypted by Jedsonite.exe as a 'jxb' file, regardless of the extension used by the person doing the encryption.

This application is designed to sit on your desktop and act as a drag-and-drop decrypter of 'jxb' files or any file encrypted with Jedsonite.exe. If you double-click on the application (as opposed to dragging a file onto the app) a small dialog box will open and allow the user to set the option of deleting the 'jxb' file following de-cryption.

The dialog will also give the user the option of registering the application with the Windows shell (if not already in the registry) or remove the current file association (if already in register). When registered in the shell, any 'jxb' files will be displayed with the JedsoniteDC icon and the user can simply double-click on that file to run the decryption. Note that the encrypted 'jxb' file does NOT need to be in the same folder (or drive) as JedsoniteDC.exe: the decrypted file will be created in the same folder as the 'jxb' file. A link to JedsoniteDC.exe will also be added to the 'Send To' folder which adds the ability of the user to right-click on a single or multiple files and decrypt them by selecting JedsoniteDC on the resulting context menu. Also, you can drop mulitple 'jxb' files onto the JedsoniteDC icon at the same time.

If a file is found to be corrupted (based on the CRC32 calculation) a warning dialog will be presented to the user, he decrypted file will not be saved, and the encrypted file will not be deleted (regardless of user preference).

Get JedsoniteDC here, and you will find it in same repository as the older Xways DLL's here. Or you can go to the bottom of the Revision History page and download the file JedsoniteDC.zip, then unzip (it is a compressed Windows folder) and move to your preferred folder. In either case, if you double-click the icon the setup the registry association and you subsequently move the JedsoniteDC.exe file, you will need to re-register the file association.

At this point, Jedsonite.exe is not being distributed, sold, traded, etc. It is currently only in the hands of myself, my chief field tester and some other business partners. If demand dictates, I may rethink how to distribute this utility, for a very small fee. Please email me at sales@jedsontech.com if you want to inquire about, or comment on Jedsonite.exe.