Replacing Microsoft Cofee With OSForensics

The System Information function in OSForensics has many of the system tools predefined for use that are used in Cofee. This includes the following system commands; 

• at.exe
• autorunsc.exe
• btstat.exe
• getmac.exe
• handle.exe
• hostname.exe
• ipconfig.exe
• msinfo32.exe
• nbtstat.exe
• net.exe
• netdom.exe
• netstat.exe
• openfiles.exe
• psfile.exe
• pslist.exe
• psloggedon.exe
• psservice.exe
• pstat.exe
• quser.exe
• route.exe
• sc.exe
• showgrps.exe
• srvcheck.exe
• tasklist.exe
• whoami.exe

There are several functions available in the Basic System Information list that gather system information such as the computer name, cpu, memory and disk information, in place of the systeminfo.exe function. However, you could also add the "systeminfo.exe" command to retrieve even more information (such as boot time, windows install date) by clicking the "Edit" button on the System information tab, clicking "Add", entering "systeminfo.exe" as the command and saving. It can then be added to one of the lists of commands to be run.

Adding external tools to be executed from OSForensics is a simple process, as explained above and there is also a demonstration available using RegRipper.

Another benefit of OSForensics is that is can be run on Vista and Win7 target machines, unlike Cofee which is only designed to run on XP.