Friday 1 February 2013

Portable OSForensics Professional 2.0.1000



OSForensics is a new digital investigation tool which lets you extract forensic data or uncover hidden information from computers. OSForensics has a number of unique features which make the discovery of relevant forensic data even faster, such as high-performance deep file searching and indexing, e-mail and e-mail archive searching and the ability to analyze recent system activity and active memory. OSForensics can build and let you view an events timeline which shows you the context and time of activities. You can even recover data and files that have been deleted by users. OSForensics comes with a built-in file viewer which lets you examine a file's contents, properties and meta-data, as well as an e-mail viewer which is compatible with most popular mail client formats.




Search within Files
If the basic file search functionality is not enough, OSForensics can also create an index of the files on a hard disk. This allows for lightning fast searches for text contained inside the documents. The indexing is powered by the technology behind Wrensoft's acclaimed Zoom Search Engine.


Search for Emails
An additional feature of being able to search within files is the ability to search email archives. The indexing process can open and read most popular email file formats (including pst) and identify the individual messages.
This allows for a fast text content search of any emails found on a system.

Recover Deleted Files
After a file has been deleted, even once removed from the recycling bin, it often still exists until another new file takes its place on the hard drive. OSForensics can track down this ghost file data and attempt to restore it back to a usable state on the hard drive.


Uncover Recent Activity
Find out what users have been up to. OSForensics can uncover the user actions performed recently on the system, including but not limited to:
  • Opened Documents
  • Web Browsing History
  • Connected USB Devices
  • Connected Network Shares


Collect System Information
Find out what's inside the computer. Detailed information about the hardware a system is running on:
  • CPU type and number of CPUs
  • Amount and type of RAM
  • Installed Hard Drives
  • Connected USB devices
  • and much more.


View Active Memory
Look directly at what is currently in the system's main memory. Attempt to uncover passwords and other sensitive information that would otherwise be inaccessible.
Select from a list of active processes on the system to inspect. OSF can also dump their memory to a file on disk for later inspection.


Extract Logins and Passwords
Recover usernames and passwords from recently accessed websites in common web browsers, including Internet Explorer, Firefox, Chrome and Opera.



What's New in v2.0.1000
Major changes


  • Support for multiple drives & folders when indexing, so a single index can now span more than one drive.
  • Support for templates in the file indexing module (to save re-entering data each time an index is created).
  • Ability to capture pages from web sites and add them to a case (not finished in this Alpha release).
  • Added support for searching multiple sets of index files in a single search.
  • Added much improved E-mail viewer / browser.
    • Will open automatically if viewing an E-mail archive.
    • Can now add Email attachments to case
  • Added the option to copy files from a case to the output directory when creating a case report (instead of just including a reference to the files).
  • Changes to the Internal File Viewer.
    • Window can now be maximized. Minimum window size limits removed.
    • Minor metadata fixes
    • Can now add string list to case in Hex Viewer
    • Exported string list now contains string extraction settings
    • Can now carve to file (and add to case) in Hex Viewer
    • Can now directly open Office documents without the need for an external tool to extract the text. Should be significantly faster to open large documents in images.
  • The index search function is now built into OSF (so it is no longer an external .exe). This allows better persistent caching of the index, which in some cases leads to much faster searches, e.g. 500% faster for large sets of index files and search terms that give small result sets. Even in the worst case there will be around a 10% improvement on search times.
  • Carved file can now be added to case in the raw disk viewer
  • Implemented functions for reading the $I30 info file for NTFS directories. I30 data now shown in Hex View tab for NTFS directories.
  • WebBrowser, Added ability to add/save complete webpage to case as MHTML (.mht) file and image file. Can select region of screen to save or full screen. Free version of software will contain watermark, Pro version won't.
  • Changes to the raw disk viewer
    • Added right-click menu to search results in raw disk viewer. In particular, users can now export the search results to disk
    • 'Select Range' dialog now populates 'Start offset' with current offset
    • 'Select Range' dialog shows the number of bytes between the start and end offset
Minor changes
  • Changed UI layout of memory viewer module to tab-based. Re-organized buttons.
  • Bug fix when accessing zip file content on FAT16 volume using direct image access.
  • Fixed bug where FAT clusters were incorrectly flagged as deleted
  • Several speed improvements on FAT volumes when using direct image access
  • Bug fix for assert errors at startup on machines with large amounts of RAM (> 32GB)
  • Fixed pre-scan file counting bug relating to upper and lower case files names in the indexing module.
  • The last folder used for a report is now stored to avoid the need to re-enter it.
  • Fixed a crash on exit caused by the memviewer freeing resources that it shouldn't be freeing.
  • Fixed a bug that prevented case reports being generated on any drive other than the one the case resided on.
  • Made some changes to the Opera browser recent activity functions to prevent a possible crash.
  • Added toolbar for quick access to changing views in file system browser.
  • Fixed file name issues when exporting HFS+ files to an NTFS drive where the file name on the Mac system used characters that are illegal on an NTFS system.
  • Changed behaviour when adding emails from a search to overwrite existing ones (previously would create a second copy with a number appended to the name)
  • Changed behaviour so that when an email overwrites one that already exists, the list view item of the old item is updated with the new title
  • Added right-click function for directories in file system viewer to switch to 'Create Signature' module and automatically fill in location
  • Better handling of nested e-mail/attachments in the index search function
  • New indexer with fixes for index search results showing corrupted URLs for email attachments & also fixed binary string extraction skipping longer phrases
  • Fixed bug in Mbox Email Reader with attachments missing characters in the filename.
  • Fixed progress bar for adding email and attachment to the case
  • Fixed Email path issues in the file signature function.
  • DOS batch (.bat) files can now be run from the system information function.
  • Corrected an issue where the "Live system Capable" radio buttons were not checked when editing a command in system information function.
  • Allow right-click Copy/Copy All in the system information results tab
  • Fixed buffer overflow caused by long header fields (eg. 'To:')
  • More information about the index is displayed under the results window.
  • Changed default number of maximum search results to 1000 from 5000.
  • Added logging and error conditions for searching an index
  • Fixed a bug preventing FireFox recent activity history from being read when directly accessing an image file
  • Fixed a bug where the location of IE & Safari recent activity entries could show uninitialised character values when directly accessing an image file
  • Fixed bug in search index function when opening a word list that contains extended ASCII characters.
  • Fixed bug in search index history list view when a past search query contains spaces
  • Bulk searches performed via 'Browse Index' tab can now be cancelled by the user before they have completed
  • Added message box after successfully carving to file in the raw disk viewer
  • Fixed a bug with Chrome timestamps not being converted correctly in recent activity and new Chrome releases.
  • Fixed a typo in recent activity drop down (Form History)
  • Fixed incorrect display of Cyrillic characters in some recent activity output (Chrome and Firefox)


http://rapidgator.net/file/75149158/P-201000OSFP.rar.html

 
Http://Mariosites.blogspot.com