-
Latest Version
OSForensics 11.0.1010 LATEST
-
Review by
-
Operating System
Windows XP / Vista / Windows 7 / Windows 8 / Windows 10 / Windows 11
-
User Rating
Click to vote -
Author / Product
-
Filename
osf.exe
-
MD5 Checksum
3063649ce75d27d775feb827e20c6a9e
OSForensics can index the content of a huge variety of file formats. This includes: DOC, DOCX, PDF, PPT, XLS, RTF, WPD, SWF, DJVU, JPG, GIF, PNG, TIFF, MP3, DWF, DOCX, PPTX, XLSX, MHT, ZIP, PST, MBOX, MSG, DBX, ZIP, ZIPX, RAR, ISO, TAR, 7z and more. Recursive containers are also supported. So it is possible to correctly index a DOCX file attached to an E-mail in a PST file which is in turn compressed in a ZIPX file.
It provides one of the fastest and most powerful ways to locate files on a Windows computer. You can search by filename, size, creation and modified dates, and other criteria. Results are returned and made available in several different useful views. This includes the Timeline View which allows you to sift through the matches on a timeline, making evident the pattern of user activity on the machine.
The first stage in being able to search emails is to create an index of the archives in question. This can take some time but it is what allows for repeated fast searches later on. OS Forensics allows you to perform full-text searches within email archives used by many popular e-mail programs such as Microsoft Outlook, Mozilla Thunderbird, Outlook Express, and more.
OSForensics allows you to recover and search deleted files, even after they have been removed from the Recycle Bin. This allows you to review the files that the user may have attempted to destroy. Each deleted file found is displayed with a corresponding Quality indicator between 0-100. A value towards 100 means that the deleted file is largely intact, with only a few missing clusters of data.
OSForensics scans your system for evidence of recent activity, such as accessed websites, USB drives, wireless networks, recent downloads, website logins, and website passwords. This is especially useful for identifying trends and patterns of the user, and any material or accounts that have been accessed recently.
With the program, you can recover browser passwords from Chrome, Edge, IE, Firefox, and Opera. This can be done on the live machine or from an image of a hard drive. Data recovered include, the URL of the website (usually HTTPS), the login username, the site's password, the browser used to access the site & the Windows user name. Blacklisted URLs are also reported, showing the user has visited the site but elected not to store a password in the browser.
It can discover and expose the HPA and DCO hidden areas of a hard disk, which can be used for malicious intent including hiding illegal data. The Host Protected Area (HPA) and Device Configuration Overlay (DCO) are features for hiding sectors of a hard disk from being accessible to the end-user.
The app includes built-in support for accessing Volume Shadow Copies. Shadow copies provide a glimpse of the volume at a point in time in the past. This will allow for the discovery of changes to files and even view possible deleted files.
It provides a basic web viewer with the ability to load web pages from the web and save screen captures of web pages to the case.
The Web Browser can be optionally configured to capture the webpages from a user-specified list of URLs. In addition, the Web Browser can capture all or a subset of linked pages (up to a single level)
Features and Highlights
- Import and export of hash sets
- Customizable system information gathering
- No limits on the number of cases being managed through OSForensics
- Restoration of multiple deleted files in one operation
- List and search for alternate file streams
- Sort image files by color
- Disk indexing and searching not restricted to a fixed number of files
- No watermark on web captures
- Multi-core acceleration for file decryption
- Customizable System Information Gathering
- Find files faster, search by filename, size and time
- Search within file contents using the Zoom search engine
- Search through email archives from Outlook, ThunderBird, Mozilla and more
- Recover and search deleted files
- Uncover recent activity of website visits, downloads, and logins
- Collect detailed system information
- Password recovery from web browsers, decryption of office documents
- Discover and reveal hidden areas in your hard disk
- Browse Volume Shadow copies to see past versions of files
What's new in this version:
Customize Workflow:
- Fixed the issue where Lock/Unlock button text was not displayed properly
- Fixed the issue where the lock and unlock action was not in effect after pressing "Enter" key
Deleted Files:
- Clicking the "X" in the text search will "Enter" and the results should clear the text search filter. Also added Reset Right-Click option in the Scan Status tab to do the same.
Drive Preparation:
- Fixed issue with warning message strings not shown in full
Email Viewer:
- Changed PDF/HTML/MSG email export file naming scheme to: [Email Filename]-[Delivery Date in Case Time]-[Entry ID]-[Sender Email Address]
- Start/End date ranges on the search filters are now updated according to the list-view items delivery time
- Updated to take into account time zone for search filtering by Start/End dates
- Updated Emails export format
- Updated column sort for the Email export index.html
ESEDB Viewer:
- Fixed sorting issue when results have been filtered
Indexing:
- Added "View with E-mail Viewer" option to the right-click checked items submenu for the Emails tab
- Optimized the process of loading multiple emails to Email Viewer
- Fixed issue where duplicate items were added when loading multiple emails to Email Viewer
- Fixed issue with exporting a single email as HTML
Internal Viewer:
- Changed to perform regular expression searches using UTF8 strings only (to support URL regular expressions)
- Fixed memory bug when extracting strings in Hex View
Mismatch Files Search:
- Added 'Browser Cache' pre-set that allows the user to scan a specified evidence device or directory for Windows web browser cache
Web Server Log Viewer:
- Fixed possible crash on log files loading
Misc:
- Added a new line under the main OSF logo to display "X days left to validate" warning test in red when there is less than 10 days left for license check
- Updated the warning message that displayed when the subscription license is expiring soon
- AvastAvast Free Antivirus 24.8.9372.0
- 4K Download4K Video Downloader+ 1.9.0 (64-bit)
- PhotoshopAdobe Photoshop CC 2024 25.12 (64-bit)
- PC RepairPC Repair 1.0.3
- OperaOpera 113.0 Build 5230.86 (64-bit)
- Adobe AcrobatAdobe Acrobat Pro 2024.003.20112
- BlueStacksBlueStacks - Play on PC 5.21.556
- Hero WarsHero Wars - Online Action Game
- Trade IdeasTrade Ideas - AI Stock Trading Signals
- AnyRecoverAnyRecover 6.3.2
Comments and User Reviews