• 
  • Find files faster
  • Search within files
  • Search for E-mails
  • Recover deleted files
  • Uncover Recent Activity
  • Collect system information
  • Password recovery
  • Hidden Disk Areas - HPA/DCO
• 
  • Verify and match files
  • Find misnamed files
  • Compare drive signatures
  • Timeline viewer
  • File viewer
  • Binary String Extraction
  • Email viewer
  • Registry viewer
  • File system browser
  • Raw disk viewer
  • Thumbnail cache viewer
  • SQLite database browser
  • ESE database browser
  • Prefetch viewer
  • $UsnJrnl viewer
  • Plist viewer
• 
  • Case management
  • Generate reports
  • Storage device management
  • Drive Imaging
  • Rebuild RAID arrays
  • Portability
  • Secure case logging
  • Support

   

Search Emails

OSForensics™ allows you to perform full-text searches within email archives used by many popular e-mail programs such as Microsoft Outlook, Mozilla Thunderbird, Outlook Express and more.

Indexing

The first stage in being able to search emails is to create an index of the archives in question. This can take some time but it is what allows for repeated fast searches later on.

An average computer can index about 10,000 average sized emails every 2 minutes.

Supported Email File Types

• .pst (Outlook)
• .mbox (Thunderbird, Eudora, Unix mail, and more)
• .msg (Outlook)
• .eml (Outlook Express)
• .dbx (Outlook Express)

Note that OSForensics can index these formats without needing the corresponding e-mail client to be installed.

Additionally the indexing process is not limited to just emails, but can also index other files such as Word Documents and PDFs also making their contents available for searching.

Advanced Search Criteria

Once the index is created the searching can begin. A normal search will try and find any specified key words anywhere within the email. However emails can also be searched based on date, To, From or CC fields.

Performance

Using the index searches can also be performed extremely fast. 20,000 emails can be searched in under a second, and searches can be performed repeatedly using the same index that only needs to be created once.