OSForensics is a comprehensive computer forensics package that can help you locate and analyse the enormous amount of digital evidence that may be available on a computer system.
This kind of forensic tool is normally used to discover exactly what someone's been doing on their PC. So for instance you can quickly view the documents they've been opening, the web sites they've visited, the USB devices they've connected and any network shares they've used. It's possible to run text searches of any emails found on a system, from within the program. And you can even see what's inside a computer's memory at the moment, perhaps helping you to recover user names, passwords or other information that wouldn't normally be visible.
But OSForensics has many other useful applications.
There's an Undelete tool, for instance, that you can use to recover apparently lost files.
The clever Mismatch File Search option will scan your hard drive, checking file contents and alerting you when they don't match the extension (a .EXE file has been renamed as a .JPG, say). This could let you know if malware (or maybe another user of your PC) is trying to hide particular files.
There's support for Hash Matching, a technique that helps you quickly identify changed Windows, Microsoft Office or other files, again useful if you're looking for malware.
And if you install OSForensics to a USB flash drive then you can take the program anywhere, and use it on PCs without leaving any significant trace.
While OSForensics is currently free for personal-use/home users only. There's a separate Pro version which an increased number of features, all for $499. See http://www.osforensics.com/purchase.html for a comparison.
OSForensics 2.1 is a minor update:
- Added support for creating a self booting USB solution from the "Install to USB" section, this is a new tool called "WinPE builder" that can be launched after the "Install to USB" process.