Author: PassMark Software
Date: 08/20/2014 04:11 AM
Size: 53.0 MB
Requires: Win 8 / Win 7 / Vista/ XP
Downloads: 12048 times
[ Comments Screenshots ]
TIP: Click Here to Repair/Restore Missing Windows OS Files
Report a Bad Link
Find files quickly
OSForensics allows you to search for files many times faster than the search functionality in Windows.
Results can be analyzed in the form of a file listing, a Thumbnail View, or a Timeline View which allows you to determine where significant file change activity has occurred.
Search within Files
If the basic file search functionality is not enough, OSForensics can also create an index of the files on a hard disk. This allows for lightning fast searches for text contained inside the documents. Powered by the technology behind Wrensoft's acclaimed Zoom Search Engine.
Search for Emails
An additional feature of being able to search within files is the ability to search email archives. The indexing process can open and read most popular email file formats (including pst) and identify the individual messages.
This allows for a fast text content search of any emails found on a system.
Recover Deleted Files
After a file has been deleted, even once removed from the recycling bin, it often still exists until another new file takes its place on the hard drive. OSForensics can track down this ghost file data and attempt to restore it back to useable state on the hard drive.
Uncover Recent Activity
Find out what users have been up to. OSForensics can uncover the user actions performed recently on the system, including but not limited to:
Collect System Information
Find out what's inside the computer. Detailed information about the hardware a system is running on:
and much more. Powered by Passmark's SysInfo DLL.
View Active Memory
Look directly at what is currently in the systems main memory. Attempt to uncover passwords and other sensitive information that would otherwise be inaccessible.
Select from a list of active processes on the system to inspect. OSF can also dump their memory to a file on disk for later inspection.
Extract Logins and Passwords
Recover usernames and passwords from recently accessed
websites in common web browsers, including Internet Explorer, Firefox, Chrome and Opera.
Images/drives without valid partition/file system info (ie. boot sector) can now be added to the case. This allows the drive to be viewable using the Raw Disk Viewer.
Added support for indexing extracted binary text from "hiberfil.sys" and "pagefile.sys" (not limited by max file size limit)
Fixed stemming problems during indexing
Fixed bug with updating indexing status causing small indexing jobs to report no files being indexed
Fixed bugs with identifying misnamed ZIP files during indexing
Updated Engine/CGIs to V7 build 1008
Image search results that are nested in archives are now displayed in the 'Images' tab
Image search results that are nested in archives are now displayed with an 'archive' overlay on the top left corner of the icon
Fixed bugs with accented characters in search result URLs
Fixed bug with opening search results in the Internal Viewer
Deleted Files Search
Fixed bug in file carving of .mov files (was including 4 additional bytes in the end, now removed)
Fixed file carving of .pdf files. Will now check buffer for four known combination for end markers. If not found, will default to look for %EOF.
Fixed scanning of deleted files on mounted drives without partition information
Raw Disk Viewer
Fixed divide by error bug when performing a raw disk search on a disk with sector size = 0
Fixed partition info in the Decode window not being updated correctly when a new disk is loaded
Module Will now load on first use instead of loading on startup. Starting Page is now set to about:blank (was set http://www.osforensics.com ). This minmises the impact on a live target system when running OSF from a USB drive.
Fixed image stored in the alternate stream of a file not being displayed
Fixed bug with FAT file system parsing caused by truncating errors when calculating cluster offset. This could prevent some FAT partitions from being mounted when the FAT partition's starting offset was a long way from the start of the disk.
Added debug statements to FAT file system parsing (when DEBUGMODE mode is enabled)
Added debug statements when there are NTFS file system parsing errors in applying fixup values to MFT and index records (when DEBUGMODE mode is enabled)
Updated WinPEBuilder.exe to include more debug messages.
There is a Free edition of the software and a Professional edition for commercial and government use. The professional version is $499.00.
Screenshot for OSForensics
Like it? Love it? Leave a comment below. Please note that comments requesting support or pointing out listing errors will be deleted. Visit our Support Forums for help or drop an email to mgnews @ majorgeeks.com to report mistakes. Thank you!
comments powered by Disqus
comments powered by Disqus
MGID NEWS FEED: