OSForensics V5

PRODUCT #: OSForensics V5
OSForensics allows you to identify suspicious files and activity with hash matching, drive signature comparisons, e-mails, memory, and binary data. 
It lets you extract forensic evidence from computers quickly with advanced file searching and indexing and enables this data to be managed effectively.

Discover Forensic Evidence Faster
  • Find files faster, search by filename, size and time
  • Search within file contents using the Zoom search engine
  • Search through email archives from Outlook, ThunderBird,
    Mozilla, and more
  • Recover and search deleted files
  • Uncover recent activity of website visits, downloads, and logins
  • Collect detailed system information
  • Password recovery from web browsers, decryption of office documents
  • Discover and reveal hidden areas in your hard disk
  • Browse Volume Shadow copies to see past versions of files
Identify Suspicious Files and Activity
  • Verify and match files with MD5, SHA-1 and SHA-256 hashes
  • Find misnamed files where the contents don't match their extension
  • Create and compare drive signatures to identify differences
  • Timeline viewer provides a visual representation of system activity over time
  • File viewer that can display streams, hex, text, images and meta data
  • Email viewer that can display messages directly from the archive
  • Registry viewer to allow easy access to Windows registry hive files
  • File system browser for explorer-like navigation of supported file systems on physical drives, volumes and images
  • Raw disk viewer to navigate and search through the raw disk bytes on physical drives, volumes and images
  • Web browser to browse and capture online content for offline evidence management
  • ThumbCache viewer to browse the Windows thumbnail cache database for evidence of images/files that may have once been in the system
  • SQLite database browser to view the and analyze the contents of SQLite database files
  • ESEDB viewer to view and analyze the contents of ESE DB (.edb) database files, a common storage format used by various Microsoft applications
  • Prefetch viewer to identify the time and frequency of applications that been running on the system, and thus recorded by
    the O/S's Prefetcher
  • Plist viewer to view the contents of Plist files commonly used by MacOS, OSX, and iOS to store settings
  • $UsnJrnl viewer to view the entries stored in the USN Journal which is used by NTFS to track changes to the volume

Manage Your Digital Investigation
  • Case management enables you to aggregate and organize results and case items
  • HTML case reports provide a summary of all results and items you have associated with a case
  • Centralized management of storage devices for convenient access across all OSForensics' functionality
  • Drive imaging for creating/restoring an exact copy of a storage device
  • Rebuild RAID arrays from individual disk images
  • Install OSForensics on a USB flash drive for more portability
  • Maintain a secure log of the exact activities carried out during the course of the investigation

Platforms
  • Windows XP SP3, Vista, Win 7, Win 8, Win 10, Server 2000, 2003, 2008, 2012
  • Available for both 32-bit and 64-bit platforms

Requirements
  • Minimum 1GB of RAM (4GB+ recommended)
  • 200MB of free disk space, or can be run from USB drive