Forensics Investigation of Deleted Files in a Drive

First, download OSForensics from here.


Select the Create Signature option, then click Config.


Now browse to the desired directory in Directory List Management; in my case I am selecting Desktop.

Click the Add to list option to include the directory, then click OK.


The Start Folder option now shows the selected location, i.e. c:\users\raj\desktop. Click the Start option.


It will ask for a file name; enter one and click Save. The signature for the data drive is now created.



Now make some modifications in the data drive and repeat the same steps to create another signature after the modifications.


Now click the Compare Signature option.


Browse to both files, i.e. the Old Signature as well as the New Signature.


Click the Compare option to start the process. It will then show the files with their modification status as well as their creation and modification dates. We can use the show option to see only modified or deleted files.


Now it will show only deleted or modified files with their creation and deletion date.
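The same signature-and-compare workflow can be reproduced in a short script to see what the comparison is doing. This is an added example, not part of the original post and not OSForensics' own signature format; the JSON layout and function names are assumptions, and the sample files are constructed.

```python
import hashlib, json, os, tempfile
from pathlib import Path

def create_signature(root):
    """Record size, mtime and SHA-256 of every file under root, keyed by relative path."""
    sig = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            entry = {"size": None, "mtime": None, "sha256": None}
            try:
                st = os.stat(path)
                entry["size"], entry["mtime"] = st.st_size, st.st_mtime
                digest = hashlib.sha256()
                with open(path, "rb") as fh:
                    for chunk in iter(lambda: fh.read(1 << 20), b""):
                        digest.update(chunk)
                entry["sha256"] = digest.hexdigest()
            except OSError:
                pass  # keep the entry so an unreadable file is not reported as deleted
            sig[os.path.relpath(path, root)] = entry
    return sig

def save_signature(sig, filename):
    Path(filename).write_text(json.dumps(sig, indent=1, sort_keys=True))

def load_signature(filename):
    return json.loads(Path(filename).read_text())

def compare_signatures(old, new):
    """Classify paths as deleted, created or modified between two signatures."""
    return {
        "deleted": sorted(old.keys() - new.keys()),
        "created": sorted(new.keys() - old.keys()),
        "modified": sorted(p for p in old.keys() & new.keys() if old[p]["sha256"] != new[p]["sha256"]),
    }

def demo():
    with tempfile.TemporaryDirectory() as work:
        data, old_f, new_f = Path(work, "data"), Path(work, "old.json"), Path(work, "new.json")
        data.mkdir()
        for name in ("keep.txt", "edit.txt", "gone.txt"):  # constructed sample files
            (data / name).write_text("original " + name)
        save_signature(create_signature(data), old_f)      # "old" signature
        (data / "edit.txt").write_text("changed")          # modify one file
        (data / "gone.txt").unlink()                       # delete one file
        (data / "new.txt").write_text("added later")       # create one file
        save_signature(create_signature(data), new_f)      # "new" signature
        return compare_signatures(load_signature(old_f), load_signature(new_f))
```

Because the comparison uses content hashes, a file whose timestamps were reset but whose contents changed still shows up as modified.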

