OSForensics is a new digital investigation tool which lets you extract forensic data or uncover hidden information from computers. OSForensics has a number of unique features which make the discovery of relevant forensic data even faster, such as high-performance deep file searching and indexing, e-mail and e-mail archive searching and the ability to analyze recent system activity and active memory. OSForensics can build and let you view an events timeline which shows you the context and time of activities. You can even recover data and files that have been deleted by users. OSForensics comes with a built-in file viewer which lets you examine a file's contents, properties and meta-data, as well as an e-mail viewer which is compatible with most popular mail client formats.
Search within Files
If the basic file search functionality is not enough, OSForensics can also create an index of the files on a hard disk. This allows for lightning fast searches for text contained inside the documents. Powered by the technology behind Wrensoft's acclaimed Zoom Search Engine.
Search for Emails
An additional feature of being able to search within files is the ability to search email archives. The indexing process can open and read most popular email file formats (including pst) and identify the individual messages.
This allows for a fast text content search of any emails found on a system.
Recover Deleted Files
After a file has been deleted, even once removed from the recycling bin, it often still exists until another new file takes its place on the hard drive. OSForensics can track down this ghost file data and attempt to restore it to a usable state on the hard drive.
Uncover Recent Activity
Find out what users have been up to. OSForensics can uncover the user actions performed recently on the system, including but not limited to:
Opened Documents
Web Browsing History
Connected USB Devices
Connected Network Shares
Collect System Information
Find out what's inside the computer. Detailed information about the hardware a system is running on:
CPU type and number of CPUs
Amount and type of RAM
Installed Hard Drives
Connected USB devices
and much more.
View Active Memory
Look directly at what is currently in the system's main memory. Attempt to uncover passwords and other sensitive information that would otherwise be inaccessible.
Select from a list of active processes on the system to inspect. OSF can also dump their memory to a file on disk for later inspection.
Extract Logins and Passwords
Recover usernames and passwords from recently accessed websites in common web browsers, including Internet Explorer, Firefox, Chrome and Opera.
What's New:
• Case Management
- Added 'Repeat action' checkbox to message box prompting to overwrite an existing case file
- Fixed issue with setting newly mounted drives as default drive
• ESEDB Viewer
- Added progress bar when performing search
- When loading the 'SystemIndex_0A' table, a subset of the columns are now shown
- 'Known' tables are now shown in a different text colour
- Added right-click option to add selected records to case
- Added to list of known table names to be highlighted
- Additional decoding of known columns
• File Carving
- Fixed overall system slowdown caused by large blocking file reads
• Internal viewer
- Improved loading and caching of files
- Reduced file loading time by optimizing file system accesses
• Password Recovery
- An error message was updated to show correct error code when permissions prevented some registry changes
• Rainbow Tables
- Added check for when adding .rti rainbow tables without valid file segments to prevent a crash
• Recent Activity
- Added Windows search index records
- Fixed crash when pressing 'Enter' with nothing selected
- Fixed item selection when 'End' is pressed
• Search Index
- Multiple history items can now be added to case
- Multiple history items can now be deleted
- Fixed potential Thumbnail View crash due to lists being deleted while thumbnails are loading
• SQLite Browser
- Cleaned up code to ensure files saved in temp folder are removed when exiting OSF.
• ThumbCache Viewer
- Added column for thumbnail size
- Added preliminary support for Win8 thumbnail cache
• Thumbnail View
- Deleted file thumbnails now show the proper icon/thumbnail with a deleted overlay flag
- Improved performance of loading thumbnails of deleted files
• WebBrowser
- No longer creates a web browser temp dir as it was not being used and was not being cleaned up properly after program exit.
• Misc
- Fixed bug with creating EnCase files for imaging