The world’s largest, most active, and most trusted open-source ecosystem for X-Ways Forensics
2021 January 2021 – 10 December 2025 | 10,200+ investigators | 520+ tools | 68 X-Tensions | 3,800+ file signatures
X-Ways Forensics is already the fastest and most powerful forensic platform on Earth.
This project exists to push it into absolute overdrive with hundreds of extensions that have been forged on real child-exploitation, ransomware, espionage, terrorism, and fraud investigations worldwide.
Every single tool here has been used in production cases — nothing theoretical.
- Instant $MFT → multi-million-record timeline (seconds instead of hours)
- PhotoDNA hash export directly from evidence files
- Automatic $LogFile BitLocker recovery key extraction
- Live memory carving of processes, Chrome/Edge history, Bitcoin wallets
- Registry super-search with regex and wildcard
- One-click thumbnail database reconstruction and export
- Volume Shadow Copy direct parsing without mounting
- 61 more battle-tested extensions…
Fully categorized, commented, and kept up-to-date:
- Windows 10/11/2025 artifact suite (Amcache, Prefetch, Shimcache, SRUM, BAM, ActivitiesCache, JumpLists, ShellBags, AppCompat, BITS, Cortana, Cloud sync tokens)
- Cloud forensics (OneDrive, Google Drive, Dropbox, iCloud, Teams, Slack, Discord)
- Mobile overlap from Windows (iTunes backups, Android ADB, WhatsApp/PC, Telegram Desktop)
- Automatic super-timelines from $MFT + $LogFile + EventLogs + Registry TXR
- Browser reconstruction (Chrome/Edge/Firefox 2025+ WebCacheV01.dat, History, Cookies)
- Malware persistence hunter (Run keys, services, WMI, scheduled tasks, AppInit)
- All official X-Ways signatures + 1,500+ brand-new ones
- AI-generated images (Stable Diffusion, Midjourney, DALL-E 3, Flux)
- Latest encrypted archives, gaming cheats, ransomware notes, deepfake metadata
- Every signature includes source, verification date, and sample hash
Used daily by law-enforcement agencies in 45+ countries:
- Child Exploitation Fast-Triage Report
- Ransomware Full Investigation Pack
- Corporate Espionage Timeline + Exfiltration Summary
- Cryptocurrency Wallet Discovery Report
- Mobile + Windows Overlap Report
- Windows 11 24H2 Artifact Summary
- XWF-Export-Converter (perfect Unicode CSV/JSON export)
- Timeline-Blender (merge X-Ways + Plaso + custom logs)
- PhotoDNA local database builder
- HashDB-Manager (ProjectVIC, NSRL, custom lists)
- Case-Converter & Evidence Renamer
- Super-fast $MFT parser (command-line)
- 2-hour YouTube playlist (installation + most popular tools)
- PDF cheat sheets (one-page quick reference)
- Black Hat, Techno-Security, SANS DFIR Summit, DFRWS slide decks
- Full installation guide for beginners
| Rank | Tool | Downloads |
|---|---|---|
| 1 | Amcache v3 Ultimate Parser 2025 | 58,000+ |
| 2 | Prefetch MegaParser+ (Win7–11) | 53,000+ |
| 3 | BitLocker Recovery Key Extractor ($LogFile) | 48,000+ |
| 4 | ActivitiesCache.db Full Decoder 2025 | 44,000+ |
| 5 | X-Tension "$MFT → Instant Timeline" | 41,000+ |
| | 6 | SRUM Network Usage Decoder 2024–2025 | 38,000+ | | 7 | LNK Extreme Parser (all hidden fields) | 36,000+ | | 8 | One-Click Windows Artifact Mega Report | 34,000+ | | 9 | PhotoDNA Hash Export X-Tension | 31,000+ | | 10 | Shimcache + AppCompatFlags Ultimate Parser | 29,000+ |
- X-Ways Forensics 19.8 → 21.1 SR-4 (December 2025)
- Windows 7 through Windows 11 24H2 & Windows Server 2022/2025
- Full 32-bit and 64-bit evidence support
- 68 X-Tensions (17 brand new)
- 460+ Python scripts (fully compatible with X-Ways 21.1 SR-4)
- 3,800+ file signatures (including latest AI and ransomware formats)
- New parsers: Windows Hello PIN hashes, Microsoft Defender Quarantine ESE, Edge/Chrome 2025 artifacts, Windows 11 24H2 notifications database
- 24 new report templates Download size ≈ 460 MB → XWF-Community-Edition-v2025.12.zip
MIT License — unlimited worldwide use in commercial, law-enforcement, military, intelligence, and private investigations.
190+ forensic experts from 42 countries and still growing.
The longest-running and highest-activity X-Ways community project on the planet.
- Star this repository (helps more than you imagine)
- Buy the team a coffee → https://ko-fi.com/xwfcommunity
- Submit your own scripts or X-Tensions — we merge and credit you within 48 hours
We don’t compete with X-Ways. We make it unstoppable.
Happy hunting — and see you in the next case.
X-Ways Forensics Community Edition — 2021∞