PassMark OSForensics Professional 7.0.10016 (x86/x64) Portable | 100 Mb
OSForensics allows you to identify suspicious files and activity with hash matching, drive signature comparisons, e-mails, memory and binary data. It lets you extract forensic evidence from computers quickly with advanced file searching and indexing and enables this data to be managed effectively.
New in V7- Ability to boot an image as a Virtual Machine from OSForensics.
- Addition of System Resource Usage Monitor (SRUM) database scanning for User Activity collection
- OCR (Optical character recognition) allows you to search for text within PDF files
- New built in hash sets for: Keyloggers, VPN Software, Peer to Peer (P2P) software, Cryptocurrency
- Support for importing Project VIC hash sets
Features- Discover Forensic Evidence Faster
- Find files faster, search by filename, size and time
- Index and Search within the file contents of Office, Acrobat documents, image files and more
- Search through email archives from Outlook, ThunderBird, Mozilla and more
- Recover and search deleted files
- Uncover recent activity of website visits, downloads and logins
- Collect detailed system information
- Password recovery from web browsers, decryption of office documents
- Discover and reveal hidden areas in your hard disk
- Browse Volume Shadow copies to see past versions of files
Identify Suspicious Files and Activity- Verify and match files with MD5, SHA-1 and SHA-256 hashes
- Find misnamed files where the contents don't match their extension
- Create and compare drive signatures to identify differences
- Timeline viewer provides a visual representation of system activity over time
- File viewer that can display streams, hex, text, images and meta data
- Email viewer that can display messages directly from the archive
- Registry viewer to allow easy access to Windows registry hive files
- File system browser for explorer-like navigation of supported file systems on physical drives, volumes and images
- Raw disk viewer to navigate and search through the raw disk bytes on physical drives, volumes and images
- Web browser to browse and capture online content for offline evidence management
- ThumbCache viewer to browse the Windows thumbnail cache database for evidence of images/files that may have once been in the system
- SQLite database browser to view the and analyze the contents of SQLite database files
- ESEDB viewer to view and analyze the contents of ESE DB (.edb) database files, a common storage format used by various Microsoft applications
- Prefetch viewer to identify the time and frequency of applications that been running on the system, and thus recorded by the O/S's Prefetcher
- Plist viewer to view the contents of Plist files commonly used by MacOS, OSX, and iOS to store settings
- $UsnJrnl viewer to view the entries stored in the USN Journal which is used by NTFS to track changes to the volume
Manage Your Digital Investigation- Case management enables you to aggregate and organize results and case items
- HTML case reports provide a summary of all results and items you have associated with a case
- Centralized management of storage devices for convenient access across all OSForensics' functionality
- Drive imaging for creating/restoring an exact copy of a storage device
- Rebuild RAID arrays from individual disk images
- Install OSForensics on a USB flash drive for more portability
- Maintain a secure log of the exact activities carried out during the course of the investigation
NOTE: This portable release supported Win7, Win8/8.1, Win10 (both 32-bit and 64-bit)Home Page -
Só visivel para registados e com resposta ao tópico.Only visible to registered and with a reply to the topic.Download link:
Só visivel para registados e com resposta ao tópico.Only visible to registered and with a reply to the topic.Links are Interchangeable - No Password - Single Extraction
Cantinho Satkeys
