PassMark OSForensics Professional 6.1 Build 10056-數據恢復工具軟件 OSForensics是一個數據恢復工具軟件,能夠快速地找到電腦中隱藏的東西,快速地查找索引文件,恢復已刪除文件,並鑑別可疑的文件,數字簽名等。結果將會組織並生成報告文件。OSForensics是一個強大的快速文件識別與分析工具,允許你通過Hash值來校驗文件的安全性,通過對比即可得知文件是否完整,或是被病毒感染。 OSForensicsallowsyoutoidentifysuspiciousfilesandactivitywithhashmatching,drivesignaturecomparisons,e-mails,memoryandbinarydata.Itletsyouextractforensicevidencefromcomputersquicklywithadvancedfilesearchingandindexingandenablesthisdatatobemanagedeffectively. Features: DiscoverForensicEvidenceFaster Findfilesfaster,searchbyfilename,sizeandtime SearchwithinfilecontentsusingtheZoomsearchengine SearchthroughemailarchivesfromOutlook,ThunderBird,Mozillaandmore Recoverandsearchdeletedfiles Uncoverrecentactivityofwebsitevisits,downloadsandlogins Collectdetailedsysteminformation Passwordrecoveryfromwebbrowsers,decryptionofofficedocuments Discoverandrevealhiddenareasinyourharddisk BrowseVolumeShadowcopiestoseepastversionsoffiles IdentifySuspiciousFilesandActivity VerifyandmatchfileswithMD5,SHA-1andSHA-256hashes Findmisnamedfileswherethecontentsdon'tmatchtheirextension Createandcomparedrivesignaturestoidentifydifferences Timelineviewerprovidesavisualrepresentationofsystemactivityovertime Fileviewerthatcandisplaystreams,hex,text,imagesandmetadata Emailviewerthatcandisplaymessagesdirectlyfromthearchive RegistryviewertoalloweasyaccesstoWindowsregistryhivefiles Filesystembrowserforexplorer-likenavigationofsupportedfilesystemsonphysicaldrives,volumesandimages Rawdiskviewertonavigateandsearchthroughtherawdiskbytesonphysicaldrives,volumesandimages Webbrowsertobrowseandcaptureonlinecontentforofflineevidencemanagement ThumbCacheviewertobrowsetheWindowsthumbnailcachedatabaseforevidenceofimages/filesthatmayhaveoncebeeninthesystem SQLitedatabasebrowsertoviewtheandanalyzethecontentsofSQLitedatabasefiles ESEDBviewertoviewandanalyzethecontentsofESEDB(.edb)databasefiles,acommonstorageformatusedbyvariousMicrosoftapplications Prefetchviewertoidentifythetimeandfrequencyofapplicationsthatbeenrunningonthesystem,andthusrecordedbytheO/S'sPrefetcher PlistviewertoviewthecontentsofPlistfilescommonlyusedbyMacOS,OSX,andiOStostoresettings $UsnJrnlviewertoviewtheentriesstoredintheUSNJournalwhichisusedbyNTFStotrackchangestothevolume ManageYourDigitalInvestigation Casemanagementenablesyoutoaggregateandorganizeresultsandcaseitems HTMLcasereportsprovideasummaryofallresultsanditemsyouhaveassociatedwithacase CentralizedmanagementofstoragedevicesforconvenientaccessacrossallOSForensics'functionality Driveimagingforcreating/restoringanexactcopyofastoragedevice RebuildRAIDarraysfromindividualdiskimages InstallOSForensicsonaUSBflashdriveformoreportability Maintainasecurelogoftheexactactivitiescarriedoutduringthecourseoftheinvestigation ProfessionalandBootableEditions TheprofessionalandbootableeditionsofOSForensicshavemanyfeaturesnotavailableinthefreeedition,including; Importandexportofhashsets Customizablesysteminformationgathering NolimitsontheamountofcasesbeingmanagedthroughOSForensics Restorationofmultipledeletedfilesinoneoperation Listandsearchforalternatefilestreams Sortimagefilesbycolour Diskindexingandsearchingnotrestrictedtoafixednumberoffiles Nowatermarkonwebcaptures Multi-coreaccelerationforfiledecryption CustomizableSystemInformationGathering ViewNTFSdirectory$I30entriestoidentifypotentialhidden/deletedfiles