
OSForensics: Windows Forensic Investigation Tool

OSForensics is free forensic investigation software created by Passmark Software for locating and analyzing digital evidence found in computer systems and digital storage devices.

The forensic suite contains a number of modules with specific functions - discover and read files, recover deleted files, find good and bad files using known hashes, search within files, recover passwords and much more. The modules can be run independently to perform a particular task, such as recover passwords or recover deleted files. You can also use the case management module to create a new case before analysis. This allows you to perform analysis on different hard disks or computers and save data from each case separately.


Once you have created a case, you can use the different tools to perform exhaustive search and data-gathering operations. These include creating an index of all files on the hard drive, including deleted files; searching for emails from specific persons or containing specific keywords anywhere within the email; and scanning for evidence of recent activity, such as accessed websites, details of USB devices recently connected to the computer (Manufacturer Name, Product ID and Serial Number), wireless networks, website logins and passwords, and a number of other things.

OSForensics has some pretty interesting tools. For instance, the program is able to create signatures of a hard disk drive, preserving information about file and directory structures present on the system at the time of signature creation. You can then compare newer signatures with previously generated signatures, and quickly identify any changes to files or directory structure.


Another interesting module is the Mismatch File Search tool. This can identify files whose contents do not match their file extension, for example a file with a text extension that is actually a JPEG. This can help uncover personal documents and files that a user is trying to hide by changing the file extension.
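The idea behind an extension-mismatch search, as an added example that is not OSForensics code: compare each file's leading "magic" bytes against the formats its extension claims. The signature table, function names and labels are constructed for illustration and cover only a handful of formats.

```python
import os

# Constructed, deliberately small table: (magic bytes, label, extensions that
# legitimately carry that header). Real tools ship far larger tables.
SIGNATURES = [
    (b"\xff\xd8\xff", "JPEG image", {".jpg", ".jpeg"}),
    (b"\x89PNG\r\n\x1a\n", "PNG image", {".png"}),
    (b"GIF87a", "GIF image", {".gif"}),
    (b"GIF89a", "GIF image", {".gif"}),
    (b"%PDF-", "PDF document", {".pdf"}),
    # ZIP container: also the outer format of OOXML Office files and JARs.
    (b"PK\x03\x04", "ZIP container", {".zip", ".docx", ".xlsx", ".pptx", ".jar"}),
]
KNOWN_EXTS = set().union(*(exts for _, _, exts in SIGNATURES))


def classify(path):
    """Return (status, detail); status is 'ok', 'mismatch' or 'unknown'."""
    ext = os.path.splitext(path)[1].lower()
    with open(path, "rb") as fh:
        head = fh.read(16)
    for magic, label, exts in SIGNATURES:
        if head.startswith(magic):
            if ext in exts:
                return "ok", label
            return "mismatch", f"{label} content, extension {ext or '(none)'}"
    if ext in KNOWN_EXTS:
        # Extension promises a format whose header we know, but it is absent.
        return "mismatch", f"extension {ext} without its expected header"
    return "unknown", "no signature in table"  # e.g. plain text has no magic


def find_mismatches(root):
    """Walk root; return sorted (relative path, detail) for every mismatch."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            try:
                status, detail = classify(full)
            except OSError:
                continue  # locked or unreadable file: skipped in this sketch
            if status == "mismatch":
                hits.append((os.path.relpath(full, root), detail))
    return sorted(hits)
```

Formats without a fixed header, such as plain text, come back as `unknown` rather than `ok`, so a renamed text file is not caught by header checks alone.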

With OSForensics you can also recover browser passwords from IE, Firefox and Chrome. This can be done on the live machine or from an image of a hard drive. The program also reports blacklisted URLs, showing the user has visited the site but elected not to store a password in the browser.

The program also gives you the option to recover passwords using rainbow tables for MD5, LM and SHA1 hashes, which can be either generated through OSForensics or downloaded from the website. OSForensics can also give users access to encrypted Office documents using a brute-force attack.

Other tools include a raw disk viewer, active memory viewer, file metadata viewer, and a detailed system information viewer.

OSForensics is certainly a powerful package, and it is currently available for free during the beta stage. Passmark Software says that once the software is released, they will create two editions: a feature-restricted free version and a Pro edition that will cost $499. At the moment, the one that is offered for free contains all features that will be found in the Pro edition, so get it while the beta lasts.

