• 
  • Find files faster
  • Search within files
  • Search for E-mails
  • Recover deleted files
  • Uncover Recent Activity
  • Collect system information
  • Password recovery
• 
  • Verify and match files
  • Find misnamed files
  • Compare drive signatures
  • Timeline viewer
  • File viewer
  • Binary String Extraction
  • Email viewer
  • Registry viewer
• 
  • Case management
  • Generate reports
  • Portability
  • Support

   

Ranked #1 free
forensics tool

• 

Password recovery & Decryption

Web browser user names and passwords

With OSForensics you can recovery browser passwords from IE, Firefox and Chrome. This can be done on the live machine or from an image of harddrive. Data recovered includes, the URL of the website (usually HTTPS), the login username, the site's password, the browser used to access the site & the Window's user name. Blacklisted URLs are also reported, showing the user has visited the site but elected not to store a password in the browser.

Rainbow tables & hash cracking

Rainbow tables are large tables of plain text passwords and hashes. They allow a password to be quickly looked up if a hash for that password is known.

OSForensics can both generate and use rainbow tables for the MD5, LM and SHA1 hashes. Free example rainbow tables are available on the download page.

Decryption & password recovery of office documents

OSForensics supports two methods of gaining acccess to encrypted office documents.

The first method is for older documents that use 40bit encryption (old XLS, DOC & PDF files). For these documents is it possible to try all possible keys to decrypt the document, with the output being an unencrypted file.

[Coming soon] The second method is a brut force attack on documents with more up to date encryption. In this senerio it is possible to select a dictionary for a dictionary attack.