PassMark OSForensics Professional 5.2 Build 1005

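OSForensics is a data recovery tool that can quickly find hidden items on a computer, quickly search indexed files, recover deleted files, and identify suspicious files, digital signatures and more.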

The results are organized and compiled into a report file.

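OSForensics is a powerful, fast file identification and analysis tool that lets you check the safety of a file by its hash value: by comparing hashes you can tell whether a file is intact or has been infected by a virus.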

PassMark OSForensics Professional 5.x | 81.3 Mb

OSForensics allows you to identify suspicious files and activity with hash matching, drive signature comparisons, e-mails, memory and binary data.

It lets you extract forensic evidence from computers quickly with advanced file searching and indexing and enables this data to be managed effectively.

Features:

Discover Forensic Evidence Faster
- Find files faster, search by filename, size and time
- Search within file contents using the Zoom search engine
- Search through email archives from Outlook, ThunderBird, Mozilla and more
- Recover and search deleted files
- Uncover recent activity of website visits, downloads and logins
- Collect detailed system information
- Password recovery from web browsers, decryption of office documents
- Discover and reveal hidden areas in your hard disk
- Browse Volume Shadow copies to see past versions of files

Identify Suspicious Files and Activity
- Verify and match files with MD5, SHA-1 and SHA-256 hashes
- Find misnamed files where the contents don't match their extension
- Create and compare drive signatures to identify differences
- Timeline viewer provides a visual representation of system activity over time
- File viewer that can display streams, hex, text, images and meta data
- Email viewer that can display messages directly from the archive
- Registry viewer to allow easy access to Windows registry hive files
- File system browser for explorer-like navigation of supported file systems on physical drives, volumes and images
- Raw disk viewer to navigate and search through the raw disk bytes on physical drives, volumes and images
- Web browser to browse and capture online content for offline evidence management
- ThumbCache viewer to browse the Windows thumbnail cache database for evidence of images/files that may have once been in the system
- SQLite database browser to view and analyze the contents of SQLite database files
- ESEDB viewer to view and analyze the contents of ESE DB (.edb) database files, a common storage format used by various Microsoft applications
- Prefetch viewer to identify the time and frequency of applications that have been running on the system, and thus recorded by the O/S's Prefetcher
- Plist viewer to view the contents of Plist files commonly used by MacOS, OSX, and iOS to store settings
- $UsnJrnl viewer to view the entries stored in the USN Journal which is used by NTFS to track changes to the volume

Manage Your Digital Investigation
- Case management enables you to aggregate and organize results and case items
- HTML case reports provide a summary of all results and items you have associated with a case
- Centralized management of storage devices for convenient access across all OSForensics' functionality
- Drive imaging for creating/restoring an exact copy of a storage device
- Rebuild RAID arrays from individual disk images
- Install OSForensics on a USB flash drive for more portability
- Maintain a secure log of the exact activities carried out during the course of the investigation

Professional and Bootable Editions
The professional and bootable editions of OSForensics have many features not available in the free edition, including:
- Import and export of hash sets
- Customizable system information gathering
- No limits on the amount of cases being managed through OSForensics
- Restoration of multiple deleted files in one operation
- List and search for alternate file streams
- Sort image files by colour
- Disk indexing and searching not restricted to a fixed number of files
- No watermark on web captures
- Multi-core acceleration for file decryption
- View NTFS directory $I30 entries to identify potential hidden/deleted files



Release date: 2018-02-23