This paper presents strengths and shortcomings of WinHex Specialist Edition (version 11.25 SR-7) in the context of the overall digital forensics process, focusing on its ability to preserve and examine data on storage media. No serious problems were found during non-exhaustive testing of the tool's ability to create a forensic image of a disk, and to verify the integrity of an image. Generally accepted data sets were used to test WinHex's ability to reliably and accurately interpret file date–time stamps, recover deleted files, and search for keywords. The results of these tests are summarized in this paper. Certain advanced examination capabilities were also evaluated, including the creation of custom templates to interpret EXT2/EXT3 file systems. Based on this review, several enhancements are proposed. In addition to these results, this paper demonstrates a systematic approach to evaluating similar forensic tools.