What is OSForensics? Features and Capability

OSForensics provides one of the fastest and most powerful ways to locate files on a Windows computer. Extract forensic data from computers, quicker and easier than ever. Uncover everything hidden inside a PC.


Using advanced hashing algorithms, OSForensics can create a digital identifier that can be used to identify a file. This identifier can be used either to verify that a file has not been changed or to quickly find out if a file is part of a set of known files.

By looking at the contents of a file, OSForensics can identify what kind of file it is and then figure out if the file has an incorrect extension. This can help locate “Dark Data” that the user has tried to conceal.

By making a record of the details of the files on a hard drive, a comparison can be done at a later date to find out what has been changed.

Extract text strings from binary data, allowing you to find text hidden in otherwise unreadable chunks of information. Do this both for files found on the hard drive and directly from the active memory of processes running on the system.
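The hash identifier and the later comparison of a recorded file listing, described above, can be sketched as follows. This is an added example, not OSForensics code; the function names, the SHA-256 choice and the sample files are assumptions made for illustration.

```python
import hashlib
import os
import tempfile

def sha256_file(path):
    """Hash a file in chunks so large evidence files do not fill memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()

def snapshot(root):
    """Record relative path -> SHA-256 for every file under root."""
    record = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            record[os.path.relpath(full, root)] = sha256_file(full)
    return record

def compare(old, new):
    """Return sorted lists of created, deleted and modified paths."""
    created = sorted(set(new) - set(old))
    deleted = sorted(set(old) - set(new))
    modified = sorted(p for p in set(old) & set(new) if old[p] != new[p])
    return created, deleted, modified

def known_files(record, hash_set):
    """Return paths whose hash appears in a set of known-file hashes."""
    return sorted(p for p, h in record.items() if h in hash_set)

def demo():
    # Constructed sample data written to a temporary directory.
    with tempfile.TemporaryDirectory() as root:
        def put(name, data):
            with open(os.path.join(root, name), "wb") as fh:
                fh.write(data)
        put("a.txt", b"alpha")
        put("b.txt", b"bravo")
        before = snapshot(root)
        put("a.txt", b"alpha, edited")          # modified
        os.remove(os.path.join(root, "b.txt"))  # deleted
        put("copy.bin", b"bravo")               # created, same bytes as old b.txt
        after = snapshot(root)
        known = {hashlib.sha256(b"bravo").hexdigest()}
        return compare(before, after), known_files(after, known)

if __name__ == "__main__":
    print(demo())
```

Because the lookup is by content hash, the renamed copy of the deleted file is still recognised as a known file.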


Find files quickly:

You can search by filename, size, creation and modified dates, and other criteria.

Results are returned and made available in several different useful views. This includes the Timeline View which allows you to sift through the matches on a timeline, making evident the pattern of user activity on the machine.


Search within Files

OSForensics™ includes one of the fastest and most powerful ways to search within the contents of all the files on a hard disk, powered by the acclaimed Wrensoft Zoom Search Engine.

With powerful pre-indexed searching capabilities offering full-text searching of hundreds of file formats, OSForensics offers:


- Relevance ranked search results
- Date sorting and date range searching
- Wildcard searches
- Exact phrase matching
- “Google-like” context results
- Highlighting
- Exclusion searches (aka negative searches)


File formats

OSForensics can index the content of a huge variety of file formats. This includes: DOC, PDF, PPT, XLS, RTF, WPD, SWF, DJVU, JPG, GIF, PNG, TIFF, MP3, DWF, DOCX, PPTX, XLSX, MHT, ZIP and more. OSForensics can also perform analysis of files to determine their file type if they are lacking file extensions.


Search for Emails

An additional feature of being able to search within files is the ability to search email archives. The indexing process can open and read most popular email file formats (including pst) and identify the individual messages. This allows for a fast text content search of any emails found on a system.


Recover Deleted Files

After a file has been deleted, even once removed from the recycling bin, it often still exists until another new file takes its place on the hard drive. OSForensics can track down this ghost file data and attempt to restore it to a usable state on the hard drive.


Uncover Recent Activity

OSForensics scans your system for evidence of recent activity, such as accessed websites, USB drives, wireless networks, recent downloads, website logins and website passwords. This is especially useful for identifying trends and patterns of the user, and any material or accounts which have been accessed recently.

OSForensics helps you uncover web browser activity from users such as browsing history, cookies and stored usernames from web browsers. The table below shows which items can be retrieved from commonly used web browsers using OSForensics’ Recent Activity module:


Most Recently Used (MRU) Lists

OSForensics can retrieve data about recently accessed applications, documents, media and network shares by scanning locations in the registry which store a user’s Most Recently Used (MRU) lists. The data which can be tracked by OSForensics includes (but isn’t limited to) files accessed in Microsoft Office applications, Microsoft Wordpad, Microsoft Paint, Microsoft Media Player, Windows Search, Connected Network Drives and the Windows Run command.


Connected USB Devices

OSForensics can display the details of USB devices which have been recently connected to the computer, providing information about the last connection date and device information such as Manufacturer Name, Product ID and Serial Number. The types of devices which can be detected include USB Flash Drives (UFDs), Portable Hard Disk Drives and external USB-connected devices such as DVD-ROM drives.


Collect System Information

The System Information module displays detailed information about the core components of the system including but not limited to:

- CPU, Motherboard and Memory
- BIOS
- Video card/Display devices
- USB controllers and devices
- Ports (Serial/Parallel)
- Network adapters
- Physical and Optical Drives

In the Pro edition of OSForensics, the information sets can be customized with support for calling additional third-party system information gathering tools and adding their output to the report.


View Active Memory

Look directly at what is currently in the system's main memory. Attempt to uncover passwords and other sensitive information that would otherwise be inaccessible.


Select from a list of active processes on the system to inspect. OSF can also dump their memory to a file on disk for later inspection.


Extract Logins and Passwords

Recover usernames and passwords from recently accessed websites in common web browsers, including Internet Explorer, Firefox, Chrome and Opera.
