OSForensics 3.1.1004

4.4 out of 5 stars (20 votes)


Windows 7/Vista/XP / Freeware / 3,381 downloads

OSForensics will allow you to extract forensic data from computers more quickly and easily than ever. Uncover everything hidden inside a PC. Discover relevant forensic data faster with high performance file searches and indexing. Restore deleted files. Identify suspicious files and activity with hash matching, drive signature comparisons, and look into e-mails, memory, and binary data. Manage your digital investigation. Organize information and create reports about collected forensic data.

  • Latest Changes

    - Email Viewer: Added handling of RFC 2047 encoding in subject/address fields of MIME headers

    - Fixed buffer overflow in status message while recovering deleted e-mails in PST files

    - Fixed 'S' shortcut key being processed instead of 'Ctrl+S' to add attachments to case

    - Fixed a bug with saving embedded message in PST/OST files as .msg. LIBPFF_ENTRY_TYPE_ATTACHMENT_DATA_OBJECT property was being saved as a stream instead of storage

    - ESEDB Viewer: Fixed population of known ESEDB files to use localised folder names instead of hard-coded locations

    - File Indexing: Pre-scanning can now be cancelled while scanning PST messages

Reviews of OSForensics

  1. 5 out of 5 stars

    Reviewing 2.1.1000 (Aug 12, 2013)

    Pretty interesting. Has a serious learning curve attached to it. Don't expect to be a CSI right out of the gate. Compared to EnCase, this has a nicer interface, and has the same challenge to learning where everything is, and how it all ties together. Haven't completed a full case in this one yet, but so far it's worked decently. Get it and try it. Certainly useful for any Information Assurance students.

    Also sets itself as transportable which is ridiculously useful. I'll give it a 5 because it all comes together well.

  2. 4 out of 5 stars

    Reviewing 2.0.1001 (Feb 4, 2013)

    Most interesting +

  3. 3 out of 5 stars
    some guy

    Reviewing 1.2.1003 (Oct 7, 2012)

    wholemkt9 go fu*** your self!
