Forensics Investigation of RAW Image using OS Forensics Tool

OS Forensics allows you to identify suspicious files and activity with hash matching, drive signature comparisons, e-mails, memory and binary data.

It lets you extract forensic evidence from computers quickly with advanced file searching and indexing and enables this data to be managed effectively.

Features

·         Discover Forensic Evidence Faster

·         Find files faster, search by filename, size and time

·         Search within file contents using the Zoom search engine

·         Search through email archives from Outlook, ThunderBird, Mozilla and more

·         Recover and search deleted files

·         Uncover recent activity of website vists, downloads and logins

·         Collect detailed system information

·         Password recovery from web browsers, decryption of office documents

·         Discover and reveal hidden areas in your hard disk

·         Browse Volume Shadow copies to see past versions of files

·         Identify Suspicious Files and Activity

·         Verify and match files with MD5, SHA-1 and SHA-256 hashes

·         Find misnamed files where the contents don't match their extension

·         Create and compare drive signatures to identify differences

·         Timeline viewer provides a visual representation of system activity over time

·         File viewer that can display streams, hex, text, images and meta data

·         Email viewer that can display messages directly from the archive

·         Registry viewer to allow easy access to Windows registry hive files

·         File system browser for explorer-like navigation of supported file systems on physical drives, volumes and images

·         Raw disk viewer to navigate and search through the raw disk bytes on physical drives, volumes and images

·         Web browser to browse and capture online content for offline evidence management

·         ThumbCache viewer to browse the Windows thumbnail cache database for evidence of images/files that may have once been in the system

·         SQLite database browser to view the and analyze the contents of SQLite database files

·         ESEDB viewer to view and analyze the contents of ESE DB (.edb) database files, a common storage format used by various Microsoft applications

·         Prefetch viewer to identify the time and frequency of applications that been runnning on the system, and thus recorded by the O/S's Prefetcher

First Download OS Forensic  from here and install in your pc then open OS Forensic and click on create  case  button to  create a new forensic case.

First Download OS Forensic  from here and install in your pc then open OS Forensic and click on create  case  button to  create a new forensic case.

Now enter the details such as Case Name, Investigator Name, Default Drive, and Acquisition Type.

To specify the case folder, click on browse & select the Location where you want to save your Evidence Report.

Now it will show us the registered case in this tool. Now to manage this case, click on Add Device option available in Manage Current Case.

Now select Image File option in Select Device to add option. Now assign the path of the folder where image file exists and also give the Display Name which is compulsory. Click on OK Button.

Now it will show us the details of the Image File.

Now to search the file based on file type click on the option File Name Search .Browse the forensic Image file in Start Folder. Select Preset Popup Menu to specify the type of the file such as images, audio, or video etc. It will show the file list.

Now to get the recent activity which is helpful to see the latest trends and activities of the user, click on    Recent Activity Option and select the Scan Drive option and then click on Scan Option.

To find the Deleted File from User System, Click on Deleted File Search. Select Forensic Image File and click on Search option. It will show all the deleted files in the Forensic Image File. To see the working of other options in this tool wait for the article which is coming soon?