What's new in OSForensics V10 by PassMark Software
How to install OSForensics by PassMark Software
Using the Workflow: Learn how to use the OSForensics user interface workflow.
System Information: Learn how to use the presets in the System Information Module
System Information: Learn how to detect Bitlocker encryption
Troubleshooting: Learn how to use the OSForensics Help File and how to collect a Debug Log.
Process-Specific Memory Images: Learn how to collect process specific memory images.
User Activity: Learn how to collect evidence of user activity.
File Name Search: Learn how to search for names of files and folders that match the specified search pattern.
Deleted File Search: Learn how to recover files deleted from the file system.
Mismatch File Search: Learn how to locate files whose contents do not match its file extension.
File Viewer: Learn how to view a range of file types, analyse metadata and extract strings from raw data.
SQLite Browser: Learn how to analyze the contents of SQLite database files.
Raw Disk Viewer: Learn how to analyze the raw sectors of all devices along with all physical disks and partitions.
Creating an Index: Learn how to create an index, which allows you to perform content-based searches across the entire drive.
Searching an Index: Learn how to perform a search of all documents and document contents of your index.
Program Artifacts: Learn how to collect program artifact traces left by applications.
Custom Logical Images: Learn how to create a Custom Logical Image.
Recover Passwords: Learn how to recover passwords from several types of applications.
File Decryption: Learn how to perform file decryption on various document types.
Creating Forensic Images: Learn how to collect process specific memory images.
Imaging a Cloud Account: Learn how to create an Image of a Gmail Account.
String Extraction: Learn how to extract strings from Memory (RAM).
Forensic Image Virtual Boot: Learn how to create a Virtual Machine from a Forensic Disk Image.
Metadata Scanning: Learn how to extract file system metadata from IOS devices.
USB Device History: Learn how to display details of recently connected USB devices.
Examining Optical Disks: Learn how to examine CD, DVD and Blu-Ray disks.
Analysing Shadow Copies: Learn how to discover changes to files through shadow copy analysis.
Clipboard Analysis: Learn how to view the clipboard contents of a live system.
Network Acquisition: Learn how to acquire a logical image of a network location.
EFS Encryption: Learn how to locate, extract, unlock and view Windows EFS encrypted files.
Hash Value Validation: Learn how to validate the hash value of a Forensic Image (Post Examination).
Distributed Password Cracking: Learn file decryption and password recovery of Microsoft Office documents, archive files (zip, rar) and PDF files.
Remote Data Acquisition: Learn how to collect forensics artefacts from machines connected to the network, without the need to perform manual, on-site live acquisition.
Imaging Speeds: Watch OSForensics image a live 512GB SSD with SHA-1 hashing enabled in 4.35 minutes.
Auto Triage: See how to collect and prioritize valuable evidence with Auto Triage.
Basic File Recovery: See how to search for and recover files that have been deleted from disk.
File Indexing & Searching: Learn how to scan the contents of documents and emails on a disk and create a search index to allow fast searching through them.
Case Management: Cases are used to group together findings within OSForensics that can be exported or saved for later analysis.
Create Hash Sets: Hash sets are used to quickly identify known safe files and known suspect files, see how to create and install new hash sets.
Analyze Hash Sets: Hash sets are used to quickly identify known safe files and known suspect files, see how to use has sets for system analysis.
Password Recovery: See how to search for passwords stored in web browsers and retrive passwords of encrypted documents.
Recent Activity: A demonstration of scanning a system for evidence of recent activity, such as accessed websites, USB drives, wireless networks, and recent downloads.
Create Signatures: These allow users to identify changes to the file system and registry between two points in time, watch how to create signatures.
Compare Signatures: These allow users to identify changes to the file system and registry between two points in time, watch how to compare signatures.
Copyright © 2022 PassMark™ Software