OSForensics is a comprehensive computer forensics package that can help you locate and analyse the enormous amount of digital evidence that may be available on a computer system.
This kind of forensic tool is normally used to discover exactly what someone's been doing on their PC. So for instance you can quickly view the documents they've been opening, the web sites they've visited, the USB devices they've connected and any network shares they've used. It's possible to run text searches of any emails found on a system, from within the program. And you can even see what's inside a computer's memory at the moment, perhaps helping you to recover user names, passwords or other information that wouldn't normally be visible.
But OSForensics has many other useful applications.
There's an Undelete tool, for instance, that you can use to recover apparently lost files.
The clever Mismatch File Search option will scan your hard drive, checking file contents and alerting you when they don't match the extension (a .EXE file has been renamed as a .JPG, say). This could let you know if malware (or maybe another user of your PC) is trying to hide particular files.
There's support for Hash Matching, a technique that helps you quickly identify changed Windows, Microsoft Office or other files, again useful if you're looking for malware.
And if you install OSForensics to a USB flash drive then you can take the program anywhere, and use it on PCs without leaving any significant trace.
The free edition of OSForensics is for personal use only, and has some major restrictions:
- The indexing process will be restricted to 10,000 files or E-mails.
- The search results from an index will be limited to 250 files per search.
- Only 10 items to be added to each Case file.
- Only the first 10 passwords from each browser type wil be listed in the passwords function
A separate Pro version removes these restrictions and offers more features, all for $799. See http://www.osforensics.com/purchase.html for a comparison.
Version 3.3.1004: see the changelog for more info.