PassMark OSForensics Professional 5.1 Build 1003




OSForensics allows you to identify suspicious files and activity with hash matching, drive signature comparisons, e-mails, memory and binary data. It lets you extract forensic evidence from computers quickly with advanced file searching and indexing and enables this data to be managed effectively. 

Features: 
Discover Forensic Evidence Faster 
Find files faster, search by filename, size and time 
Search within file contents using the Zoom search engine 
Search through email archives from Outlook, ThunderBird, Mozilla and more 
Recover and search deleted files 
Uncover recent activity of website visits, downloads and logins 
Collect detailed system information 
Password recovery from web browsers, decryption of office documents 
Discover and reveal hidden areas in your hard disk 
Browse Volume Shadow copies to see past versions of files 

Identify Suspicious Files and Activity 
Verify and match files with MD5, SHA-1 and SHA-256 hashes 
Find misnamed files where the contents don’t match their extension 
Create and compare drive signatures to identify differences 
Timeline viewer provides a visual representation of system activity over time 
File viewer that can display streams, hex, text, images and meta data 
Email viewer that can display messages directly from the archive 
Registry viewer to allow easy access to Windows registry hive files 
File system browser for explorer-like navigation of supported file systems on physical drives, volumes and images 
Raw disk viewer to navigate and search through the raw disk bytes on physical drives, volumes and images 
Web browser to browse and capture online content for offline evidence management 
ThumbCache viewer to browse the Windows thumbnail cache database for evidence of images/files that may have once been in the system 
SQLite database browser to view and analyze the contents of SQLite database files 
ESEDB viewer to view and analyze the contents of ESE DB (.edb) database files, a common storage format used by various Microsoft applications 
Prefetch viewer to identify the time and frequency of applications that have been running on the system, and thus recorded by the O/S’s Prefetcher 
Plist viewer to view the contents of Plist files commonly used by MacOS, OSX, and iOS to store settings 
$UsnJrnl viewer to view the entries stored in the USN Journal which is used by NTFS to track changes to the volume 

Manage Your Digital Investigation 
Case management enables you to aggregate and organize results and case items 
HTML case reports provide a summary of all results and items you have associated with a case 
Centralized management of storage devices for convenient access across all OSForensics’ functionality 
Drive imaging for creating/restoring an exact copy of a storage device 
Rebuild RAID arrays from individual disk images 
Install OSForensics on a USB flash drive for more portability 
Maintain a secure log of the exact activities carried out during the course of the investigation 

Professional and Bootable Editions 
The professional and bootable editions of OSForensics have many features not available in the free edition, including: 
Import and export of hash sets 
Customizable system information gathering 
No limits on the number of cases being managed through OSForensics 
Restoration of multiple deleted files in one operation 
List and search for alternate file streams 
Sort image files by colour 
Disk indexing and searching not restricted to a fixed number of files 
No watermark on web captures 
Multi-core acceleration for file decryption 
View NTFS directory $I30 entries to identify potential hidden/deleted files


