OSForensics

OSForensics enables you to retrieve forensic evidence from computers rapidly using high-performance file searches and indexing. Detect suspicious files and activity using hash matching, drive signature comparisons, email, memory, and binary data. Manage your digital investigation and generate reports based on acquired forensic data. Enjoy!

OSForensics can index the contents of a wide range of file formats. This includes: DOC, DOCX, PDF, PPT, XLS, RTF, WPD, SWF, DJVU, JPG, GIF, PNG, TIFF, MP3, DWF, DOCX, PPTX, XLSX, MHT, ZIP, PST, MBOX, MSG, DBX, ZIP, ZIPX, RAR, ISO, TAR, 7z, and others. Recursive containers are also supported. So it is feasible to properly index a DOCX file attached to an email in a PST file, which is then compressed in a ZIPX file.

It offers one of the quickest and most powerful methods for locating files on a Windows machine. You may search by filename, size, creation and modification dates, and other parameters. Results are returned and presented in a variety of relevant perspectives. This features the Timeline View, which allows you to go through the matches on a timeline, revealing a pattern of user activity on the machine.

The first step in being able to search emails is to establish an index for the relevant archives. This may take some time, but it is necessary for further rapid searches. OS Forensics enables you to conduct full-text searches within email archives used by several common email clients, including Microsoft Outlook, Mozilla Thunderbird, Outlook Express, and others.

OSForensics allows you to recover and search deleted data, even if they have been removed from the recycle bin. This allows you to review any files that the user may have attempted to delete. Each deleted file discovered is shown with a Quality indicator ranging from 0 to 100. A number of 100 indicates that the deleted file is mostly intact, with only a few missing clusters of data.

OSForensics examines your system for signs of recent activity, such as visited websites, USB devices, wireless networks, recent downloads, website logins, and passwords. This is especially valuable for determining the user's tendencies and behaviors, as well as any recently accessed materials or accounts.

The software allows you to recover browser passwords from Chrome, Edge, Internet Explorer, Firefox, and Opera. This can be done live or from a hard disk image. Data recovered includes the website's URL (typically HTTPS), login username, password, browser used to access the site, and Windows user name. Blacklisted URLs are also recorded, indicating that the user visited the site but chose not to store a password in their browser.

It can detect and disclose the HPA and DCO hidden sections of a hard drive, which can be used for malicious purposes such as hiding illicit data. The Host Protected Area (HPA) and Device Configuration Overlay (DCO) are features that prevent end users from accessing certain sectors of a hard disk.

The software has built-in support for accessing Volume Shadow Copies. Shadow copies show the volume at a previous point in time. This enables the detection of file modifications as well as the viewing of potentially deleted files.

It includes a simple web viewer that can load online sites from the internet and store screenshots of web pages to the case.
The Web Browser can potentially be set to collect websites from a user-specified list of URLs. The Web Browser can also capture all or a selection of connected pages (up to a single level).

Features and Highlights

• Import and export hash sets 
• Customizable system data collection 
• There are no limits on the number of cases processed with OSForensics. 
• Restoring numerous lost files in one process 
• List and search for alternative file streams. 
• Sort the image files by color. 
• Disk indexing and searching are not limited to a specific quantity of files. 
• No watermarks on web captures. 
• Multi-core acceleration for file decryption. 
• Customizable System Information Gathering 
• Find files faster; search by filename, size, and time. 
• Use the Zoom search engine to search within the contents of a file. 
• Search through email archives from Outlook, Thunderbird, Mozilla, and more! 
• Recover and search for deleted files. 
• Discover recent activities of website visits, downloads, and logins. 
• Collect system information, retrieve passwords from online browsers, decrypt office documents. 
• Discover and reveal hidden locations on your hard disk. 
• Browse Volume Shadow copies to view previous versions of files.

Note: 30 days trial version. Limited functionality.

Thank you for choosing Filesalad

Also, check out: NIUBI Partition Editor