Identify suspicious files and activity.
Verify and Match Files
Using advanced hashing algorithms OSForensics can create a digital identifier that can be used to identify a file.
This identifier can be used both to verify a file has not been changed or to quickly find out if a file is part of a set of known files. More »
Find Misnamed Files
By looking at the contents of a file OSForensics can identify what kind of file it is and then figure out if the file has an incorrect extension. This can help locate "Dark Data" that the user has tried to conceal. More »
Create & Compare Drive Signatures
By making a record of the details of the files on a hard drive a comparison can be then done at a later date to find out what has been changed. More »
Built-in File Viewer
Once you have found a file you are interested in you can view it multiple ways from within OSF without needing to rely on one or more external applications. Files can be viewed as.
- Images (where applicable)
- Binary Data
- Text Data
Or you can view the file properties and meta data. More »
Binary String Extraction
Extract text strings from binary data allowing you to find text hidden in otherwise unreadable chunks of information. Do this for both files found on the hard drive or directly from active memory of processes running on the system. More »
Open emails from most popular formats directly inside OSForensics, no need to install multiple mail clients in order to view emails from different sources. More »
Open registry files from within OSF, both offline and live registry files currently locked by Windows, navigate to known key locations and fast searching. As it doesn't use Windows API calls more information can seen, eg the time and date of a key's last edit and registry entries that might be hidden by malicious software. More »