OSForensics is a free software which enables you to use Rainbow Tables for retrieving passwords for which you have the hash. This use of rainbow tables serve as a time-memory trade off in the decryption of a hash. With OSForensics you can also recover browser passwords, aggregate and organize results, as well as case items, analyze system memory, CPU, USB and hard disk information, check the recent user actions performed on a system, create an index files on a hard drive, look up files quicker than Windows default functionality, and much more. The main interface contains multiple tabs and sub-categories which provide options to perform the aforementioned and many more tasks.
You can create a case from the Create Case option located within the Start tab to group together all findings from different features of OSFForensics. To manage the case, go to the Manage Case tab, perform filename search, create, index and search indexes from the respective tabs. OSForensics can also search the content of files and return results after indexing. It is able to search within most common file formats.
A log of the recent user activity can be retrieved from the Recent Activity tab by clicking on the Scan button. You can refine your search according to date, time type, and use the filter options to view files by most recently used, WLAN, USB, browser history, downloads, chat log and cookies. Likewise, Deleted Files Search tab allows searching for deleted files.
From the Mismatch Files Search tab, you can locate Default (Built in), Mismatched (Built in), and all built in files. Thumbnail size can be enhanced from the slider at the bottom.
Raw memory and hard disk information can be gained from the Raw Memory and Raw Disk tabs. This can be useful for checking for hard disk, partition, file system and current position information. The Raw Memory tab allows checking dump process, crash dump files, and physical memory content.
OSForencis also allows creating drive images which can be later mounted from the Mount Drive Image tab.
OSForensics has the ability to create a unique digital identifier for a file or disk volume by calculating its hash value using the Verify/Create Hash module in OSForensics. You can choose from a number of cryptographic algorithms to create a hash, such as SHA-1, MD5 and SHA-256. Hash values uniquely identify the content of a files and can be used to discover other files with the same content, regardless of differing file name or file extension. This can be achieved from the Verify/Create Hash and Hash Sets tabs.
To learn more about using the features of OSForencis you can visit the developers website link given below. OSForencis works on
- Windows XP
- Windows Vista
- Windows 7