











OSForensics



#1 bshavers


Posted 28 February 2011 - 09:17 PM

Giving more usability to WinFE, OSForensics has several features that I can see being beneficial in triage of a system with OSForensics.  OSForensics can be run on a live system (not the optimal decision in most cases), a mounted image, or in a forensically booted WinFE system.


The program’s interface is simple and encompasses quite a bit of the basic forensic processes (searching, indexing, hashing, etc…).  Of particular interest is that some of these standard forensic processes can easily be used in a WinFE booted system for basic triage.

As an example, a scan of images of the suspect computer can be conducted with OSForensics. This type of triage may certainly help determine which computer systems contain illicit images and need forensic analysis.

Another feature that can benefit cases is that of indexing. OSForensics allows for indexing of files, including email (pst, mbox, msg, eml, and dbx), for keyword searches. Searches can also be restricted by date ranges.

Although OSForensics doesn’t appear to be as powerful as a tool such as X-Ways Forensics, I definitely foresee a place where it can be used, particularly in a First Responder role.





