OSForensics 2.2 Build 1000 – 2.3 Build 1 Beta Demo

Written by Admin on. Posted in Software

OSForensics 2.2 Build 1000 - 2.3 Build 1 Beta Demo

Extract forensic data from computers, quicker and easier than ever

PassMark OSForensics is a computer forensics application for locating and analyzing digital evidence that are found in computer systems and digital storage devices. A suite of modules are provided for effectively reducing the task of analyzing the vast amounts of data on live systems and storage media with a simple, easy-to-use modular interface. OSForensics also provides tools that can identify evidence material in seconds (such as a search for a particular file name) up to more sophisticated tools (such as locating incriminating data in deleted files) for identifying harder to locate digital evidence artifacts.
Here are some key features of “OSForensics”:
  • Find files quickly:
  • OSForensics allows you to search for files many times faster than the search functionality in Windows.
  • Results can be analyzed in the form of a file listing, a Thumbnail View, or a Timeline View which allows you to determine where significant file change activity has occurred.
  • Search within Files:
  • If the basic file search functionality is not enough, OSForensics can also create an index of the files on a hard disk. This allows for lightning fast searches for text contained inside the documents. Powered by the technology behind Wrensoft’s acclaimed Zoom Search Engine.
  • Search for Emails:
  • An additional feature of being able to search within files is the ability to search email archives. The indexing process can open and read most popular email file formats (including pst) and identify the individual messages. This allows for a fast text content search of any emails found on a system.
  • Recover Deleted Files:
  • After a file has been deleted, even once removed from the recycling bin, it often still exists until another new file takes its place on the hard drive. OSForensics can track down this ghost file data and attempt to restore it back to useable state on the hard drive.
  • Uncover Recent Activity:
  • Find out what users have been up to. OSForensics can uncover the user actions performed recently on the system, including but not limited to:
  • Opened Documents
  • Web Browsing History
  • Connected USB Devices
  • Connected Network Shares
  • Collect System Information:
  • Find out what’s inside the computer. Detailed information about the hardware a system is running on:
  • CPU type and number of CPUs
  • Amount and type of RAM
  • Installed Hard Drives
  • Connected USB devices
  • and much more. Powered by Passmark’s SysInfo DLL.
  • View Active Memory:
  • Look directly at what is currently in the systems main memory. Attempt to uncover passwords and other sensitive information that would otherwise be inaccessible.
  • Select from a list of active processes on the system to inspect. OSF can also dump their memory to a file on disk for later inspection.
  • Minimum 1GB of RAM (4GB+ recommended)
  • 30MB of free disk space, or can be run from USB drive
  • Number of cases limited to 3 at a time
  • Cannot undelete multiple files at once
  • Cannot search hard disk for files with multiple streams
  • Cannot create an index of more than 200,000 files
  • Cannot edit system information gathering lists
  • Cannot export hash sets
  • Cannot import the NSRL database into a hash set
  • Password cracking is limited to a single core
  • Cannot sort images by color
What’s New 
  • Increased copy to clipboard limit from 100 to 10,000 files
  • Password Recovery:
  • Added “a-z A-Z 0-9” Alphanumeric option to password recovery random character options
  • Added scanning of windows credential manager for browser passwords as part of the recent activity function.
  • Updated the Firefox password recovery feature to work with the latest version of Firefox (24)
  • Fixed a bug where if there was only one password entry stored in the Firefox database it was not displayed
  • File System Browser:
  • Added extra metadata column for the LCN of the first cluster of the file. This is useful for seeing if files are grouped together on the disk.
  • Drive Preparation:
  • The Write pattern function, could incorrectly report a write error near the very end of the drive for some USB flash drives, this has been corrected.
  • Changed the error message when adding an image file to a case to include the image name.
  • Updated “Print” features for EmailViewer and PstViewer
  • Fixed a bug with HTML email printing not hav…

Tags: ,

Trackback from your site.

Leave a comment