OSForensics will allow you to extract forensic data from computers, quicker and easier than ever. Uncover everything hidden inside a PC. Discover relevant forensic data faster with high performance file searches and indexing. Restore deleted files. Identify suspicious files and activity with hash matching, drive signature comparisons, and look into e-mails, memory, and binary data. Manage your digital investigation. Organize information and create reports about collected forensic data.
- Fixed potential deadlock after clicking 'Cancel' when items are being added to the case
- Fixed 'To' field missing in e-mail case properties
- Fixed 'From', 'To', 'Subject' fields missing in case report
- Removed check for empty e-mail headers (From, To, Subject, etc...) when adding e-mail to case. Adding warning to log file instead
- When exporting e-mails to file/case, 'Print-friendly' HTML file is now generated. Currently, only HTML/text is supported
- Indexer updated to the latest Zoom Engine
- Fixed a bug when indexing email attachments with accent characters in the folder path
- Fixed infinite loop bug when indexing corrupted ZIP files
- Fixed a crash bug with indexing MSI files (and any other files that can be misidentified as DOC)
- Added error message when handling bad ZIP files./li>
- Added default handling of .msi files as binary (filename only) format
- Will now return files/folder from user's Recent Item folder (shell folder)
- Added Support for Word 2013 Reading Locations to Recent File List Item
- Added Support for Office 2013 (Word, PowerPoint, Excel) Recent File List
- Added Adobe Acrobat Reader MRU locations
- Now also parsing the subkeys to Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\RecentDocs\\.xxx, where .xxx is file extension to retrieve more information
- Added Right Click Menu Option - Copy Row to Clipboard
- GUI Fixes, Help File Link Update
- Added Filter for text search of all fields for an activity type
- Installed Programs, if there is no program name, will return registry location as the title
- When opening key paths containing SYSTEM\CurrentControlSet which is a volatile symbolic link, replaced with 'ControlSet00n' where n is the current control set
- Improved performance of adding PST e-mail/attachments to case by using the same e-mail file handle, instead of opening and closing for every e-mail message
Reviewing 2.1.1000 (Aug 12, 2013)
Pretty interesting. Has a serious learning curve attached to it. Don't expect to be a CSI right out of the gate. Compared to enCase, this has a nicer interface, and has the same challenge to learning where everything is, and how it all ties together. Haven't completed a full case in this one yet, but so far it's worked decently. Get it and try it. Certainly useful for any Information Assurance students.
Also sets itself as transportable which is ridiculously useful. I'll give it a 5 because it all comes together well.
Reviewing 2.0.1001 (Feb 4, 2013)
Most interesting +
Reviewing 1.2.1003 (Oct 7, 2012)
wholemkt9 go fu*** your self!
No comments yet