Install the program from the given setup.

Maintain a secure log of the exact activities carried out during the course of the investigation
Install OSForensics on a USB flash drive for more portability
Rebuild RAID arrays from individual disk images
HTML case reports provide a summary of all results and items you have associated with a case
Centralized management of storage devices for convenient access across all OSForensics' functionality
Drive imaging for creating/restoring an exact copy of a storage device
$UsnJrnl viewer to view the entries stored in the USN Journal, which is used by NTFS to track changes to the volume
Case management enables you to aggregate and organize results and case items
Plist viewer to view the contents of Plist files commonly used by MacOS, OSX, and iOS to store settings
Prefetch viewer to identify the time and frequency of applications that have been running on the system, and thus recorded by the O/S's Prefetcher
SQLite database browser to view and analyze the contents of SQLite database files
ESEDB viewer to view and analyze the contents of ESE DB (.edb) database files, a common storage format used by various Microsoft applications
ThumbCache viewer to browse the Windows thumbnail cache database for evidence of images/files that may have once been in the system
Web browser to browse and capture online content for offline evidence management
Raw disk viewer to navigate and search through the raw disk bytes on physical drives, volumes and images
Registry viewer to allow easy access to Windows registry hive files
File system browser for explorer-like navigation of supported file systems on physical drives, volumes and images
Timeline viewer provides a visual representation of system activity over time
File viewer that can display streams, hex, text, images and metadata
Email viewer that can display messages directly from the archive
Verify and match files with MD5, SHA-1 and SHA-256 hashes
Find misnamed files where the contents don't match their extension
Create and compare drive signatures to identify differences
Password recovery from web browsers, decryption of office documents
Discover and reveal hidden areas in your hard disk
Browse Volume Shadow copies to see past versions of files
Uncover recent activity of website visits, downloads and logins
Search through email archives from Outlook, Thunderbird, Mozilla and more
Search within file contents using the Zoom search engine

It lets you extract forensic evidence from computers quickly with advanced file searching and indexing and enables this data to be managed effectively.
Find files faster, search by filename, size and time
OSForensics allows you to identify suspicious files and activity with hash matching, drive signature comparisons, e-mails, memory and binary data.