Hopefully useful for someone...
Software name : OSForensics
Version : 2.0.1000
Release Type : Professional Edition
Last Updated : 30 January 2013 - 12:11 PM
OS Support : WinAll (x86/x64)
Developer : PassMark Software
Web-site : http://www.passmark.com/
OSForensics lets you extract forensic evidence from computers quickly with high performance file searches and indexing.
Identify suspicious files and activity with hash matching, drive signature comparisons, e-mails, memory and binary data.
Manage your digital investigation and create reports from collected forensic data.
Key features:
- Find files faster
- Search within files
- Search for E-mails
- Recover deleted files
- Uncover Recent Activity
- Collect system information
- Password recovery
- Verify and match files
- Find misnamed files
- Compare drive signatures
- Timeline viewer
- File viewer
- Binary String Extraction
- Email viewer
- Registry viewer
- Case management
- Generate reports
- Portability
What's New:
Major changes
Support for multiple drives & folders when indexing. So an single index can now span more than drive.
Support for templates in the file indexing module. (to save re-entering data each time an index in created)
Ability to capture pages from web sites and add them to a case (not finished in this Alpha release).
Add support for searching multiple set of index files in a single search.
Added much improved E-mail viewer / browser.
Will open automatically if viewing an E-mail archive.
Can now add Email attachments to case
Added the option to copy files from a case to the output directory when creating a case report (instead of just including a reference to the files).
Changes to the Internal File Viewer.
Window can now be maximized. Minimum window size limits removed.
Minor metadata fixes
Can now add string list to case in Hex Viewer
Exported string list now contains string extraction settings
Can now carve to file (and add to case) in Hex Viewer
Can now directly open Office documents without the need for an external tool to extract the text. Should be significantly faster to open large documents in images.
The index search function in now built into OSF (so it is no longer an external .exe). This allows better persistent caching of the index which in some cases leads to much faster searches e.g. 500% times faster, for large sets of index files and search terms that give small result sets. Even in the worst case there will be around a 10% improvement on search times.
Carved file can now be added to case in the raw disk viewer
Implemented functions for reading the $I30 info file for NTFS directories. I30 data now shown in Hex View tab for NTFS directories.
WebBrowser, Added ability to add/save complete webpage to case as MHTML (.mht) file and image file. Can select region of screen to save or full screen. Free version of software will contain watermark, Pro version won't.
Changes to the raw disk viewer
Added right-click menu to search results in raw disk viewer. In particular, users can now export the search results to disk
'Select Range' dialog now populates 'Start offset' with current offset
'Select Range' dialog shows the number of bytes between the start and end offset
Minor changes
Changed UI layout to tab-based of memory viewer module. Re-organized buttons.
Bug fix when accessing zip file content on FAT16 volume using direct image access.
Fixed bug where FAT clusters were incorrectly flagged as deleted
Several speed improvements on FAT volume with using direct image access
Bug fix for assert errors at startup on machines with large amounts of RAM (> 32GB)
Fixed pre-scan file counting bug relating to upper and lower case files names in the indexing module.
The last folder used for a report is now stored to avoid the need to re-enter it.
Fixed a crash on exit caused by the memviewer freeing resources that it shouldn't be freeing.
Fixed a bug that prevented case reports being generated on any drive other than the one the case resided on.
Made some changes to the Opera browser recent activity functions to prevent a possible crash.
Added toolbar for quick access to changing views in file system browser.
Fixed file name issues when exporting HFS+ files to an NTFS drive where the file name on the Mac system used characters that are illegal characters on a NTFS system.
Changed behaviour when adding emails from a search to overwrite existing ones (previously would create a second copy with a number appended to the name)
Change behaviour so that when an email overwrites one that already exists the list view item of the old item is updated with the new title
Added right-click function for directories in file system viewer to switch to 'Create Signature' module and automatically fill in location
Better handling of nested e-mail/attachments in the index search function
New indexer with fixes for index search results showing corrupted URLs for email attachments & also fixed binary string extraction skipping longer phrases
Fixed bug in Mbox Email Reader with attachments missing characters in the filename.
Fixed progress bar for adding email and attachment to the case
Fixed Email path issues in the file signature function.
DOS batch (.bat) files can now be run from the system information function.
Corrected an issue where the "Live system Capable" radio buttons was not checked when editing a command in system information function.
Allow right-click Copy/Copy All in the system information results tab
Fixed buffer overflow caused by long header fields (eg. 'To:')
More information about the index is displayed under the results window.
Changed default number of maximum search results to 1000 from 5000.
Adding logging and error conditions for searching an index
Fixed a bug preventing FireFox recent activity history from being read when directly accessing an image file
Fixed a bug where the location of IE & Safari recent activity entries could show uninitialised character values when directly accessing an image file
Fixed bug when in search index function when opening a word list that contains extended ASCII characters.
Fixed bug in search index history list view when a past search query contains spaces
Bulk searches performed via 'Browse Index' tab can now be cancelled by the user before they have completed
Added message box after successfully carving to file in the raw disk viewer
Fixed a bug with Chrome timestamps not being converted correctly in recent activity and new Chrome releases.
Fixed a typo in recent activity drop down (Form History)
Fixed incorrect display of Cyrillic characters in some recent activity output (Chrome and Firefox)
Password to unpack:D4NBNQD4NBNQ43y3z43y3
(回复可见内容)
Software name : OSForensics
Version : 2.0.1000
Release Type : Professional Edition
Last Updated : 30 January 2013 - 12:11 PM
OS Support : WinAll (x86/x64)
Developer : PassMark Software
Web-site : http://www.passmark.com/
OSForensics lets you extract forensic evidence from computers quickly with high performance file searches and indexing.
Identify suspicious files and activity with hash matching, drive signature comparisons, e-mails, memory and binary data.
Manage your digital investigation and create reports from collected forensic data.
Key features:
- Find files faster
- Search within files
- Search for E-mails
- Recover deleted files
- Uncover Recent Activity
- Collect system information
- Password recovery
- Verify and match files
- Find misnamed files
- Compare drive signatures
- Timeline viewer
- File viewer
- Binary String Extraction
- Email viewer
- Registry viewer
- Case management
- Generate reports
- Portability
What's New:
Major changes
Support for multiple drives & folders when indexing. So an single index can now span more than drive.
Support for templates in the file indexing module. (to save re-entering data each time an index in created)
Ability to capture pages from web sites and add them to a case (not finished in this Alpha release).
Add support for searching multiple set of index files in a single search.
Added much improved E-mail viewer / browser.
Will open automatically if viewing an E-mail archive.
Can now add Email attachments to case
Added the option to copy files from a case to the output directory when creating a case report (instead of just including a reference to the files).
Changes to the Internal File Viewer.
Window can now be maximized. Minimum window size limits removed.
Minor metadata fixes
Can now add string list to case in Hex Viewer
Exported string list now contains string extraction settings
Can now carve to file (and add to case) in Hex Viewer
Can now directly open Office documents without the need for an external tool to extract the text. Should be significantly faster to open large documents in images.
The index search function in now built into OSF (so it is no longer an external .exe). This allows better persistent caching of the index which in some cases leads to much faster searches e.g. 500% times faster, for large sets of index files and search terms that give small result sets. Even in the worst case there will be around a 10% improvement on search times.
Carved file can now be added to case in the raw disk viewer
Implemented functions for reading the $I30 info file for NTFS directories. I30 data now shown in Hex View tab for NTFS directories.
WebBrowser, Added ability to add/save complete webpage to case as MHTML (.mht) file and image file. Can select region of screen to save or full screen. Free version of software will contain watermark, Pro version won't.
Changes to the raw disk viewer
Added right-click menu to search results in raw disk viewer. In particular, users can now export the search results to disk
'Select Range' dialog now populates 'Start offset' with current offset
'Select Range' dialog shows the number of bytes between the start and end offset
Minor changes
Changed UI layout to tab-based of memory viewer module. Re-organized buttons.
Bug fix when accessing zip file content on FAT16 volume using direct image access.
Fixed bug where FAT clusters were incorrectly flagged as deleted
Several speed improvements on FAT volume with using direct image access
Bug fix for assert errors at startup on machines with large amounts of RAM (> 32GB)
Fixed pre-scan file counting bug relating to upper and lower case files names in the indexing module.
The last folder used for a report is now stored to avoid the need to re-enter it.
Fixed a crash on exit caused by the memviewer freeing resources that it shouldn't be freeing.
Fixed a bug that prevented case reports being generated on any drive other than the one the case resided on.
Made some changes to the Opera browser recent activity functions to prevent a possible crash.
Added toolbar for quick access to changing views in file system browser.
Fixed file name issues when exporting HFS+ files to an NTFS drive where the file name on the Mac system used characters that are illegal characters on a NTFS system.
Changed behaviour when adding emails from a search to overwrite existing ones (previously would create a second copy with a number appended to the name)
Change behaviour so that when an email overwrites one that already exists the list view item of the old item is updated with the new title
Added right-click function for directories in file system viewer to switch to 'Create Signature' module and automatically fill in location
Better handling of nested e-mail/attachments in the index search function
New indexer with fixes for index search results showing corrupted URLs for email attachments & also fixed binary string extraction skipping longer phrases
Fixed bug in Mbox Email Reader with attachments missing characters in the filename.
Fixed progress bar for adding email and attachment to the case
Fixed Email path issues in the file signature function.
DOS batch (.bat) files can now be run from the system information function.
Corrected an issue where the "Live system Capable" radio buttons was not checked when editing a command in system information function.
Allow right-click Copy/Copy All in the system information results tab
Fixed buffer overflow caused by long header fields (eg. 'To:')
More information about the index is displayed under the results window.
Changed default number of maximum search results to 1000 from 5000.
Adding logging and error conditions for searching an index
Fixed a bug preventing FireFox recent activity history from being read when directly accessing an image file
Fixed a bug where the location of IE & Safari recent activity entries could show uninitialised character values when directly accessing an image file
Fixed bug when in search index function when opening a word list that contains extended ASCII characters.
Fixed bug in search index history list view when a past search query contains spaces
Bulk searches performed via 'Browse Index' tab can now be cancelled by the user before they have completed
Added message box after successfully carving to file in the raw disk viewer
Fixed a bug with Chrome timestamps not being converted correctly in recent activity and new Chrome releases.
Fixed a typo in recent activity drop down (Form History)
Fixed incorrect display of Cyrillic characters in some recent activity output (Chrome and Firefox)
Password to unpack:D4NBNQD4NBNQ43y3z43y3
(回复可见内容)