Getting Started with WinHex

This post was originally written 27 August 2021 for Professor Leinecker's Digital Forensics I course.


This paper will discuss my experience with WinHex. I do not own the product yet; however, I have read up on the software and watched videos of it in action. To begin, it seems that when you open a file or examine a drive, you can view its raw hex. I am not too sure when this would come in handy, but my guess would be in defeating steganography efforts. What seems really cool, however, is the ability to edit the hex values. This would allow you to change the contents of a file at such a low level that you may be able to obfuscate the original data or alter it in a non-human-readable way; however, this is just speculation.

I am curious about how the software is able to recover deleted data. I do not know enough yet to make much more than an educated guess on how the process works, but I would imagine it may look at recently modified sections of memory and somehow reverse engineer what the memory was in its original state (maybe factoring in the time since modification, or performing an inverse function of some sort, i.e. if deleting data puts the bits through a deletion algorithm, put them through the inverse of said algorithm).
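As an added example (not part of the original post, and not WinHex code), the following Python shows the two operations the preceding paragraphs touch on: rendering bytes as a hex/ASCII dump the way a hex editor does, overwriting bytes in place, and recovering a "deleted" file by signature-based carving. The disk image, the file names and the PNG-like payload are constructed for the example; the carving approach itself is the standard one used by forensic tools, which relies on the fact that most deletions only mark a directory or allocation entry and leave the file's bytes on disk until they are overwritten.

```python
"""Hex dump, in-place byte editing and signature-based file carving.

Added example over a constructed byte string; nothing here reads a real drive.
"""

# Real PNG header and the IEND footer chunk (length 0, type, CRC).
PNG_MAGIC = b"\x89PNG\r\n\x1a\n"
PNG_IEND = b"\x00\x00\x00\x00IEND\xaeB`\x82"


def make_image() -> bytes:
    """Constructed 'disk image' (assumption: a toy layout, not a real filesystem).

    A directory-like entry names PICTURE.PNG, then a PNG-shaped blob follows.
    Deletion is simulated the FAT way: the first byte of the name is replaced
    with 0xE5 while the data itself stays on 'disk'.
    """
    entry = bytearray(b"PICTURE.PNG".ljust(16, b"\x00"))
    entry[0] = 0xE5  # the only thing deletion changed
    ihdr = b"\x00\x00\x00\x0dIHDR" + b"\x00" * 17  # length, type, 13 data + 4 CRC
    png = PNG_MAGIC + ihdr + PNG_IEND
    return bytes(entry) + b"\x00" * 16 + png + b"\xff" * 16


def hexdump(data: bytes, width: int = 16) -> list[str]:
    """Render bytes as offset / hex / ASCII rows like a hex editor pane."""
    rows = []
    for off in range(0, len(data), width):
        chunk = data[off:off + width]
        hexpart = " ".join(f"{b:02x}" for b in chunk)
        text = "".join(chr(b) if 32 <= b < 127 else "." for b in chunk)
        rows.append(f"{off:08x}  {hexpart:<{width * 3 - 1}}  |{text}|")
    return rows


def patch_bytes(data: bytes, offset: int, new: bytes) -> bytes:
    """Overwrite bytes in place; raises if the write would run off the end."""
    if offset < 0 or offset + len(new) > len(data):
        raise ValueError("patch would exceed image bounds")
    return data[:offset] + new + data[offset + len(new):]


def carve_png(data: bytes) -> list[tuple[int, bytes]]:
    """Find PNG files by header and footer signature, ignoring any metadata.

    Returns (offset, bytes) pairs. A header with no footer after it is left
    out rather than guessed at, which is the conservative choice.
    """
    found = []
    start = data.find(PNG_MAGIC)
    while start != -1:
        end = data.find(PNG_IEND, start + len(PNG_MAGIC))
        if end == -1:
            break
        end += len(PNG_IEND)
        found.append((start, data[start:end]))
        start = data.find(PNG_MAGIC, end)
    return found


def undelete_name(data: bytes, entry_offset: int, first_char: bytes) -> bytes:
    """Reverse the simulated deletion marker by restoring the first name byte."""
    return patch_bytes(data, entry_offset, first_char)


if __name__ == "__main__":
    image = make_image()
    print("\n".join(hexdump(image)))
    for off, blob in carve_png(image):
        print(f"carved PNG at offset {off:#x}, {len(blob)} bytes")
    restored = undelete_name(image, 0, b"P")
    print(hexdump(restored)[0])
```

The carver does not need the directory entry at all, which is why the file comes back even though its name was marked deleted; it also means carving recovers files whose metadata is gone entirely, at the cost of not knowing their original names. The `find`-based scan is fine for an example; a real tool streams the image in chunks and validates chunk lengths and CRCs rather than trusting the first footer it sees.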

I would like to see if the software can be used in Capture The Flag challenges. This is a hobby of mine, and if WinHex could assist in file-recovery-focused or steganography-focused CTF challenges, it would give me a leg up on the competition. Again, not knowing much about the software makes it difficult to speculate, but I would imagine that WinHex will eventually either be bundled into a suite of tools that all come pre-baked into a Digital Forensics suite, or be replaced by a free, open-source alternative.