Version:
V3.3 (Build 1004)
Latest release date:
12th April 2016
What's new for this release.

Price:
Feature restricted edition: Free
Professional edition: US$799.00

Professional Upgrade: US$399.00

(See feature comparison for more information)

Platforms:
Windows XP SP2, Vista, Win 7, Win 8, Win 10, Server 2000, 2003, 2008, 2012. Available for both 32-bit and 64-bit platforms.

Requirements:
Minimum 1GB of RAM. (8GB+ recommended)
60MB of free disk space, or can be run from a USB drive.

Related free tools:
OSFMount
OSFClone
ImageUSB

PassMark OSForensics - Digital investigation

OSForensics allows you to identify suspicious files and activity with hash matching, drive signature comparisons, e-mails, memory and binary data.

It lets you extract forensic evidence from computers quickly with advanced file searching and indexing and enables this data to be managed effectively.

Features

Discover Forensic Evidence Faster

Identify Suspicious Files and Activity

  • Verify and match files with MD5, SHA-1 and SHA-256 hashes
  • Find misnamed files where the contents don't match their extension
  • Create and compare drive signatures to identify differences
  • Timeline viewer provides a visual representation of system activity over time
  • File viewer that can display streams, hex, text, images and meta data
  • Email viewer that can display messages directly from the archive
  • Registry viewer to allow easy access to Windows registry hive files
  • File system browser for explorer-like navigation of supported file systems on physical drives, volumes and images
  • Raw disk viewer to navigate and search through the raw disk bytes on physical drives, volumes and images
  • Web browser to browse and capture online content for offline evidence management
  • ThumbCache viewer to browse the Windows thumbnail cache database for evidence of images/files that may have once been in the system
  • SQLite database browser to view and analyze the contents of SQLite database files
  • ESEDB viewer to view and analyze the contents of ESE DB (.edb) database files, a common storage format used by various Microsoft applications
  • Prefetch viewer to identify the time and frequency of applications that have been running on the system, and thus recorded by the O/S's Prefetcher

Manage Your Digital Investigation

Professional and Bootable Editions

The professional and bootable editions of OSForensics have many features not available in the free edition, including:

  • Import and export of hash sets
  • Customizable system information gathering
  • No limits on the number of cases being managed through OSForensics
  • Restoration of multiple deleted files in one operation
  • List and search for alternate file streams
  • Sort image files by colour
  • Disk indexing and searching not restricted to a fixed number of files
  • No watermark on web captures
  • Multi-core acceleration for file decryption
  • View NTFS directory $I30 entries to identify potential hidden/deleted files

The bootable edition contains all the professional features plus the ability to be run on systems without a valid operating system. See the full comparison list between the editions.

 
