When it comes to snooping through a computer, or just plain looking at data, one of the best ways is to use some type of digital forensics tool. Over time, computers accumulate a large number of hidden files which store information about how the machine is being used. There are many reasons why you would want to take a look at this information, for example if you were tasked with cleaning out an employee’s computer or something similar. You may even want to check up on yourself and see what kind of hidden files are available to others. Many digital forensics tools are expensive, and while there are a few open source alternatives, a lot of those offerings don’t provide a huge selection of features. OSForensics is a Windows application that will allow you to extract forensic data and information from a computer quickly and efficiently. It makes use of a unique search and index system, which allows the app to identify information more rapidly than usual.
What is it and what does it do
OSForensics is a Windows application that will allow you to extract forensic evidence from a computer through hash matching, drive signature comparisons, e-mails, memory and binary data. The idea is to offer an efficient way to identify suspicious files and activity on a particular machine. Of course, as with any program of this caliber, it can also be used in a negative manner, but that’s not what we’re here to discuss today.
Pros
- Remarkably comprehensive set of digital forensics tools
- The UI is easy to navigate, and a start tab includes shortcuts to every tool
- Light on system resources, despite the massive amount of tools on offer
- Supports 32-bit and 64-bit versions
Cons
- No issues encountered, therefore there’s nothing of significance to note. The only thing I can say is some of the tools require quite a bit more knowledge to use and interpret… but that should be obvious given the nature of this program
- You can create a portable version (but you need to install the regular version first), and it’s only available in the premium version
This application is not portable so you will need to install it if you want to use it, unfortunately. Fortunately, you can make a portable version after install so you can take it with you on the go. Also, there are two versions of OSForensics available. A premium version can be purchased and downloaded from the official site which includes more features. The free version has several limitations and restrictions which I will do my best to point out in the rest of this review. For the review, I am covering the free version of OSForensics.
You can create a portable version to be placed on a USB drive, but first you must install the main package on your computer. Therefore, this application is portable, but I’m not going to treat it as such since you have to install it first.
OSForensics is a comprehensive tool, and when I say that I mean it truly does have everything you would ever need to snoop on a particular machine. Yes, before you take my head off, I know that software like this can be used for other things besides “snooping”; let’s just move on.
Each tool has a separate tab in the window on the left-hand side, and at the very top is a “start” tab with quick access buttons to all of the available tools. There are so many tools, in fact, that it’s impossible for me to thoroughly try every single one of them out. Keep that in mind before blasting the comments section. However, if you run into an issue that I did not mention in the review, then please feel free to share.
The tools included are the following:
- Manage Case
- File name search
- Create index
- Search index
- Recent activity
- Deleted files search
- Mismatch file search
- Memory viewer
- Raw disk viewer
- Registry viewer
- File system browser
- SQLite DB browser
- Web browser
- System information
- Verify/Create hash
- Hash sets
- Create signature
- Compare signature
- Drive preparation
- Drive imaging
- Mount drive image
- Forensic copy
- Install to USB: to create a portable version
- Register: register a premium license
As you can see from the list of tools there’s a lot you can do with OSForensics. Available tasks include file recovery and file search, recent activity, password recovery, mismatched file identification, drive signature comparisons, and case management.
In the free version, there don’t appear to be any stipulations on any of the available tools. There are limitations though, which is a little different. In the free version, there is a limit to the number of cases that can be managed through the app, and you can only restore one deleted file per operation. There are other limitations, but those are the most obvious. All differences between free and paid are clearly outlined on the developer’s official website.
Concerning the UI of OSForensics, it leaves a little something to be desired, but it’s easily navigable nonetheless. It won’t be the most beautiful app you’ll ever see in your lifetime but it gets the job done. I noticed that the massive amount of tools tends to clutter the UI. While a lot of them are necessary, it’s nice to have the starting tab at the very top so you can just pick and choose the tool you want without having to browse through the entire list.
Overall, it seems like this app is tailored for more experienced users, but also those who may not want to bother with professional grade forensics tools. On top of that, it’s a cheaper alternative to dishing out hundreds of dollars for a similar product. The included tools are quite easy to use, but translating some of the information offered won’t be easy for the faint of heart. The raw disk viewer tool, for example, allows you to browse pure data in a hexadecimal array. For anyone that’s not familiar with hex-based data, it’s easy to get lost in the swarm.
For reference, OSForensics uses about 12MB of RAM while running, which is remarkably light considering how many tools are on offer.
Conclusion and download link
OSForensics is a comprehensive data analysis and digital forensics tool that allows you to search deep into various filesystems for hidden and suspicious content. There are a lot of tools on offer, some of which would be useful even to the average user. Unfortunately, many of them are a little too complicated for casual users and the data they collect is not easily deciphered. Don’t take that to mean this is a poor app; quite the contrary actually. If you know exactly what you’re doing, or what you need to search for, then OSForensics is certainly the way to go. The catch is that you must know what you are doing… but that is somewhat obvious.
It’s totally free, and you can upgrade to the premium version at any time to remove some of the limitations which were pointed out in the discussion above. It’s also remarkably light on resources, despite the fact that it includes a whole bevy of tools. There are really no major issues with the app, unless you count the rather bland UI, but that’s hardly a severe issue.
Overall, if you’re looking to do some snooping or just want to find a little more hidden material on your own computer, you should check this one out. But be warned, if you’re a casual user you may need to do a bit of reading before you can understand how to use some of the tools included and how to interpret the collected data.
Version reviewed: 2.1.1.000
Supported OS: Windows 8/7/Vista/XP
Download size: 43MB
VirusTotal malware scan results: 0/44
Is it portable? Yes (but you must install it first, then can create a portable version)