Computer forensics packages are normally used by law enforcement officials, governments and big corporations to find out exactly what someone’s been doing on a particular PC. But that’s only part of what they can do. A good forensics tool can also help you find lost files, recover passwords, detect malware, and carry out all kinds of other interesting low-level system checks.
It’s hard to test this for yourself, of course, because most forensics packages are hugely expensive. But OSForensics is a rare exception. As it’s new, and in beta, you can try it out for free – and there are plenty of reasons why you should grab a copy for yourself.
The program is able to create signatures, for instance, that describe all the current files on your PC. Build a signature now, another after, say, installing an application, and OSForensics will show you exactly which files have changed on your system: very interesting.
The built-in OSFMount tool allows you to mount all kinds of disk images – ISO, BIN, NRG, SDI, VMDK and more – in virtual drives, so you can browse them in Explorer without having to burn the files to disc, first.
The Mismatch File Search module scans your PC for drives where the extension doesn’t match the content; a .TXT file that’s actually an EXE, say. This can help uncover malware, or situations where other users of your PC are trying to hide files by renaming them. And it may also reveal interesting facts about files that you hadn’t previously realised; we were told that our old Empire Earth III save game files were actually ZIP archives, for instance, perhaps useful if we wanted to explore the format further.
There are plenty of interesting low-level tools here. The Raw Disk Viewer, for example, displays the contents of your chosen drive at the sector level. And the Memory Viewer enables you to browse the RAM of your running processes, and look for any text strings they might contain, very handy if you’re trying to figure out what a particular program is doing.
You also get fast file search tools, a password recovery module (display your stored browser passwords at a click), an undelete tool, and more.
And, of course, there’s all the regular computer forensics functionality as well. Choose the Recent Activity module, say, then click Scan, and in a few moments OSForensics will tell you a great deal about how your system has been used: websites visited, files created, USB devices connected, wireless LANs accessed, programs installed and a whole lot more.
This is one powerful package, then. We’re not sure how much longer it’ll remain in beta, though, so if you’re interested in this kind of technology, then go download your copy of OSForensics now – it’s well worth a look.
Your Comments & Opinion