OSForensics V7

OSForensics lets you extract forensic evidence from computers quickly with high performance file searches and indexing. Identify suspicious files and activity with hash matching, drive signature comparisons, e-mails, memory and binary data. Manage your digital investigation and create reports from collected forensic data. Phone, E-mail, Forum support, plus free upgrades, for 12 months after purchase included. ***Now for a limited time, purchase a license of OSForensics and we will donate 10% of the proceeds to Operation Underground Railroad (O.U.R.)

Quantità

  • Spedizione sicura! Spedizione sicura!
  • Spedizione con corriere espresso! Spedizione con corriere espresso!
  • Supporto tecnico! Supporto tecnico!
  • Ability to boot an image as a Virtual Machine from OSForensics.
  • Addition of System Resource Usage Monitor (SRUM) database scanning for User Activity collection
  • OCR (Optical character recognition) allows you to search for text within PDF files
  • New built in hash sets for: Keyloggers, VPN Software, Peer to Peer (P2P) software, Cryptocurrency
  • Support for importing Project VIC hash sets

Features

Discover Forensic Evidence Faster

Identify Suspicious Files and Activity

  • Verify and match files with MD5, SHA-1 and SHA-256 hashes
  • Find misnamed files where the contents don't match their extension
  • Create and compare drive signatures to identify differences
  • Timeline viewer provides a visual representation of system activity over time
  • File viewer that can display streams, hex, text, images and meta data
  • Email viewer that can display messages directly from the archive
  • Registry viewer to allow easy access to Windows registry hive files
  • File system browser for explorer-like navigation of supported file systems on physical drives, volumes and images
  • Raw disk viewer to navigate and search through the raw disk bytes on physical drives, volumes and images
  • Web browser to browse and capture online content for offline evidence management
  • ThumbCache viewer to browse the Windows thumbnail cache database for evidence of images/files that may have once been in the system
  • SQLite database browser to view the and analyze the contents of SQLite database files
  • ESEDB viewer to view and analyze the contents of ESE DB (.edb) database files, a common storage format used by various Microsoft applications
  • Prefetch viewer to identify the time and frequency of applications that been running on the system, and thus recorded by the O/S's Prefetcher
  • Plist viewer to view the contents of Plist files commonly used by MacOS, OSX, and iOS to store settings
  • $UsnJrnl viewer to view the entries stored in the USN Journal which is used by NTFS to track changes to the volume

Manage Your Digital Investigation

Professional and Bootable Editions

The professional and bootable editions of OSForensics have many features not available in the free edition, including;

  • Import and export of hash sets
  • Customizable system information gathering
  • No limits on the amount of cases being managed through OSForensics
  • Restoration of multiple deleted files in one operation
  • List and search for alternate file streams
  • Sort image files by colour
  • Disk indexing and searching not restricted to a fixed number of files
  • No watermark on web captures
  • Multi-core acceleration for file decryption
  • Customizable System Information Gathering
  • View NTFS directory $I30 entries to identify potential hidden/deleted files

PassMark
Nuovo prodotto