OSForensics – Digital Investigation Toolkit

OSForensics is one of the commercial tools that provide a quick way to extract artifacts and conduct an investigation. The tool has many features, such as recovering passwords from web browsers, searching email archives, recovering deleted files, uncovering recent web browsing activity, collecting detailed system information and finding required files faster.

OSForensics allows you to identify suspicious files and activity with hash matching, drive signature comparisons, e-mails, memory and binary data.  It lets you extract forensic evidence from computers quickly with advanced file searching and indexing and enables this data to be managed effectively.

This tool lets the user dive deeply into the information needed and look at what was changed and modified. The latest version, version 6, includes the following features:

  • Indexing is now 3x faster with a vastly improved indexing engine featuring multi-threading, RAM drive, and pre-scan bypass options
  • OCR (Optical Character Recognition) allows you to search for text within photos and images (Win10 only)
  • Encrypted PDF reports
  • Primary and Secondary Hash functions for Disk Imaging
  • Jump to MFT record from the Raw Disk Viewer
  • Disk Model and Serial Numbers saved in Disk Imaging
  • Quick Hash Set feature
  • Import Project VIC JSON files
  • EFS (Encrypted File System) support
  • Latest version of Volatility Workbench with Mac and Linux support
  • Collect new Win10 Timeline database for Recent Activity artifacts
  • Check for Skype SQLite database files
  • Recovery of BitLocker keys
  • Extract videos in MP4 format from sites such as YouTube
  • Improved Auto-Triage feature

This is a good toolkit if you want to see all system activity in graphs and find what was changed on the hard drive during a given time. OSForensics lets you perform a livebox response on the system: where this is possible, you can take a snapshot and run the investigation, or you can make an image of the disk and conduct deadbox forensics.

You can read more about this tool and use it here: https://www.osforensics.com/
