• 
  • Find files faster
  • Search within files
  • Search for E-mails
  • Recover deleted files
  • Uncover Recent Activity
  • Collect system information
  • Password recovery
  • Hidden Disk Areas - HPA/DCO
• 
  • Verify and match files
  • Find misnamed files
  • Compare drive signatures
  • Timeline viewer
  • File viewer
  • Binary String Extraction
  • Email viewer
  • Registry viewer
  • File system browser
  • Raw disk viewer
  • Thumbnail cache viewer
  • SQLite database browser
  • ESE database browser
  • Prefetch viewer
  • $UsnJrnl viewer
  • Plist viewer
• 
  • Case management
  • Generate reports
  • Storage device management
  • Drive Imaging
  • Rebuild RAID arrays
  • Portability
  • Secure case logging
  • Support

   

Prefetch Viewer

OSForensics™ includes a Prefetch viewer for viewing application execution metrics stored by the operating system's Prefetcher. The Prefetcher is a component that improves the performance of the system by pre-caching applications and its associated files into RAM, reducing disk access. To facilitate this, the Prefetcher collects application usage details such as:

• Application run count
• Last run time
• Files/disks that the application uses while executing

Using this information, forensics investigators can determine a suspect's application usage patterns (eg. "Cleaner" software used recently) and files that have been opened (eg. documents).