OSForensics allows you to identify suspicious files and activity with hash matching, drive signature comparisons, e-mails, memory and binary data.

It lets you extract forensic evidence from computers quickly with advanced file searching and indexing and enables this data to be managed effectively.

Click the images to view screenshots.

Features

Discover Forensic Evidence Faster

• Find files faster, search by filename, size and time
• Search within file contents using the Zoom search engine
• Search through email archives from Outlook, ThunderBird, Mozilla and more
• Recover and search deleted files
• Uncover recent activity of website vists, downloads and logins
• Collect detailed system information
• Password recovery from web browsers, decryption of office documents

Identify Suspicious Files and Activity

• Verify and match files with MD5, SHA-1 and SHA-256 hashes
• Find misnamed files where the contents don't match their extension
• Create and compare drive signatures to identify differences
• Timeline viewer provides a visual representation of system activity over time
• File viewer that can display streams, hex, text, images and meta data
• Email viewer that can display messages directly from the archive
• Registry viewer to allow easy access to Windows registry hive files

Manage Your Digital Investigation

• Case management enables you to aggregate and organize results and case items
• HTML case reports provide a summary of all results and items you have associated with a case
• OSForensics can be installed on a USB flash drive for more portability

Professional and Bootable Editions

The professional and bootable editions of OSForensics have many features not available in the free edition, including;

• Import and export of hash sets
• Customizable system information gathering
• No limts on the amount of cases being managed through OSForensics
• Restoration of multiple deleted files in one operation
• List and search for alternate file streams
• Disk indexing and searching not restricted to a fixed number of files

The bootable edition contains all the professional features plus the ability to be run on systems without a valid operating system. See the full comparison list between the editions.

Competitive Upgrade

If you have already purchased a competing forensics package, we want to offer you a competitive upgrade to make it an easier transition to OSForensics. You will receive a discount of 30% on your purchase of OSForensics if you qualify for the competitive upgrade. See here for more details.

Upgrade from Version 1 to Version 2

License keys issued for OSForensics version 1 contiue to be valid for version 2. Simply download the latest version and install it over the top of your current install.