There are lots of information in Windows which are not available directly through any interface and for getting such information, third party tools are needed. OSForensics is a one such freeware digital investigation tool that lets you extract forensic data or fetch hidden information from a computer running Windows. It offers a variety of advanced search features that let you search and find recent computer and Internet activity, delete files, file types, stored passwords and other forensic information. The app allows you to search for files many times faster than the search functionality in Windows.
Search Results can be analysed in the form of a file listing, a Thumbnail View, or a Timeline View which allows you to determine where significant file change activity has occurred. This app can virtually fetch you any data from your PC. OSForensics can also create an index of the files on a hard disk. This allows for lightning fast searches for text contained inside the documents.
‘
You can search for emails within a PST email archive. There is also a deleted file recovery process, wherein OSForensics can track down this ghost file data and attempt to restore it back to useable state on the hard drive. OSForensics can fetch the user actions performed recently on Windows, including:
- Opened Documents
- Web Browsing History
- Connected USB Devices
- Connected Network Shares
There is also option to fetch all the stored passwords on the machine including browser passwords and Windows login passwords. The tool also comes with detailed system information and memory usage tracking tools.
Overall OSForensics is a very handy tool to fetch data which otherwise is not directly possible from Windows.