Version 8 Beta
A Beta release of V8 of OSForensics for community testing and feedback is now available. Please see this forum post about the new features and the download link.
Digital Forensics Framework. Digital Forensics Framework is another popular platform dedicated to. He presents a wide list of forensic tools, which can be used for solving common problems, such as imaging, file analysis, data carving, decryption, email analysis, etc. Here is the full list of tools discussed in the podcast: RECON for Mac OS X – Automated Mac Forensics, RAM Imaging, Search features, Live Imaging and Timeline generation. The SIFT Workstation is a group of free open-source incident response and forensic tools designed to perform detailed digital forensic examinations in a variety of settings. It can match any current incident response and forensic tool suite. SIFT demonstrates that advanced incident response capabilities and deep dive digital forensic techniques.
Older Versions
We are no longer working on older versions of OSForensics, but you can download the older versions of OSForensics on our website. This is purely for supporting users of the previous versions.
We recommend upgrading to Version 7 where possible, as we have improved many aspects of OSForensics and have addressed many issues based on user feedback.
If you do not wish to upgrade to Version 7, you can download old software releases here.
Version | Download |
OSForensics v6.1.1005 | Download |
OSForensics v5.2.1007 | Download |
OSForensics v4.0.1002 | Download |
System requirements
Windows Vista, Win 7, Win 8, Win 10
Windows Server 2000, 2003, 2008, 2012, 2016, 2019
32bit and 64bit support, (64bit recommended)
Minimum 1GB of RAM. (8GB+ recommended)
200MB of free disk space, or can be run from USB drive
Download Hash Sets
OSForensics allows you to use Hash Sets to quickly identify known safe files (such as operating system and program files) or known suspected files (such as viruses, trojans, hacker scripts) to reduce the need for further time-consuming analysis. You can download some sample hash sets below. They are individually zipped.
Hash sets | Size | Download |
Windows 10 Home v1709 build:16299 (x64) hash set | 37,376 KB | Download |
Windows 8.1 Professional (x64) hash set | 10,228 KB | Download |
Windows 8.1 (x64) hash set | 10,232 KB | Download |
Windows 8 Professional (x64) hash set | 9,785 KB | Download |
Windows 8 (x64) hash set | 9,785 KB | Download |
Win7 Ultimate (32-bit) hash set | 18,825 KB | Download |
Win7 Enterprise (x64) hash set | 11,670 KB | Download |
Vista Business (32-bit) hash set | 8,475 KB | Download |
Vista Business (x64) hash set | 8,069 KB | Download |
XP Professional SP3 (32-bit) hash set | 1,889 KB | Download |
XP Professional SP2 (x64) hash set | 1,456 KB | Download |
Office 365 v1806 build:10228 (Win10) hash set | 1,528 KB | Download |
Office 2007 Enterprise (Vista) hash set | 1,313 KB | Download |
Office 2007 Enterprise (Win7) hash set | 1,978 KB | Download |
Common Keyloggers hash set. Old set from 2010 | 124 KB | Download |
Common Keyloggers hash set on Win10 64bit, 2019. Already bundled with OSF V7 | 281 KB | Download |
Common Peer to Peer P2P tools hash set on Win10 64bit, 2019. Already bundled with OSF V7 | 1,177 KB | Download |
Common Cryptocurrency tools hash set on Win10 64bit, 2019. Already bundled with OSF V7 | 761 KB | Download |
Common VPN tools hash set on Win10 64bit, 2019. Already bundled with OSF V7 | 761 KB | Download |
The hash sets can also be purchased as a complete set pre-loaded onto a hard disk.
Installing the Hash Sets
To install the hash sets, you must download the individual zip files (linked above), and unzip them into the OSForensics program data folder.
On Vista, Windows 7, Server 2008+ & Win10, this would typically be the following folder (you may need to enable viewing of hidden directories to see it or enter it directly into the Explorer address bar):
C:\ProgramData\PassMark\OSForensics\hashSets
On XP and Server 2000/2003, it is typically something like this:
C:\Documents and Settings\All Users\Application Data\PassMark\OSForensics\hashSets
You will then need to restart OSForensics if you have it currently open. When you next start OSForensics, you should now find additional sets listed in the tree view under the 'Hash Sets' module.
Download Rainbow Tables
OSForensics enables you to use Rainbow Tables to retrieve passwords, given that you have the hash (encrypted text) of that password. Rainbow tables essentially serve as a time-memory trade-off in reversing a hash. That is, they store precomputed password-to-hash pairs, so that instead of generating these pairs on the fly, you can just search for a hash in the table to recover the password corresponding to that hash. OSForensics can generate Rainbow Tables for different input parameters. Some example Rainbow Tables are available below for download. They are individually zipped. To install the Rainbow Tables for use with OSForensics, refer to the section below. To use these rainbow tables for password retrieval, click the 'Retrieve Password with Rainbow Table' tab in the Passwords module of OSForensics. You can also download and use Indexed Rainbow Tables from rainbowtables.com (use RTI1 files only) with OSForensics.
Rainbow tables | Size | Download |
md5_loweralpha-numeric#1-7_0_72656x4797112_OSF | 32.6 MB | Download |
lm_alpha-numeric#1-7_0_23680x23656320_OSF | 172 MB | Download |
sha1_loweralpha-numeric#1-6_0_4235x3708576_OSF | 20.4 MB | Download |
The rainbow tables can also be purchased as a set pre-loaded onto a hard disk.
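The time-memory trade-off described above, as an added Python sketch (not OSForensics code): a rainbow table keeps only the start and end of each precomputed chain and recomputes the interior at lookup time. The three-character keyspace, the chain length and the reduction function are assumptions chosen so the example runs in under a second; the page does not document the OSForensics table format.

```python
import hashlib
import string

CHARSET = string.ascii_lowercase + string.digits  # "loweralpha-numeric"
MIN_LEN, MAX_LEN, CHAIN_LEN = 1, 3, 200           # toy parameters (assumed)
SIZES = [len(CHARSET) ** n for n in range(MIN_LEN, MAX_LEN + 1)]
KEYSPACE = sum(SIZES)                             # 36 + 36^2 + 36^3 = 47988

def md5(data: bytes) -> bytes:
    return hashlib.md5(data).digest()

def index_to_plain(idx: int) -> str:
    """Map 0..KEYSPACE-1 onto the passwords of length MIN_LEN..MAX_LEN."""
    length = MIN_LEN
    for size in SIZES:
        if idx < size:
            break
        idx -= size
        length += 1
    chars = []
    for _ in range(length):
        idx, rem = divmod(idx, len(CHARSET))
        chars.append(CHARSET[rem])
    return "".join(chars)

def reduce_hash(digest: bytes, pos: int) -> str:
    """Reduction step: turn a hash into a candidate; differs per chain position."""
    return index_to_plain((int.from_bytes(digest[:8], "big") + pos) % KEYSPACE)

def build_table(n_chains: int) -> dict:
    """Precompute chains but keep only endpoint -> [start points]."""
    table = {}
    for i in range(n_chains):
        start = plain = index_to_plain(i * (KEYSPACE // n_chains))
        for pos in range(CHAIN_LEN):
            plain = reduce_hash(md5(plain.encode()), pos)
        table.setdefault(plain, []).append(start)
    return table

def lookup(table: dict, target: bytes):
    """Return the password whose MD5 is target, or None if no chain covers it."""
    for guess in range(CHAIN_LEN - 1, -1, -1):
        # Suppose target sits at position `guess`; walk on to the endpoint.
        plain = reduce_hash(target, guess)
        for pos in range(guess + 1, CHAIN_LEN):
            plain = reduce_hash(md5(plain.encode()), pos)
        for start in table.get(plain, []):
            # Replay from the stored start; the hash check rejects false alarms.
            cand = start
            for pos in range(CHAIN_LEN):
                if md5(cand.encode()) == target:
                    return cand
                cand = reduce_hash(md5(cand.encode()), pos)
    return None
```

A salted hash, or a password outside the table's character set and length range, misses every chain and `lookup` returns `None`, which is why per-user salts defeat precomputed tables.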
Installing the Rainbow Tables
To install the Rainbow Tables, you must download the individual zip files (linked above), and unzip them into the RainbowTables folder located in the OSForensics program data folder.
On Vista, Windows 7-10, and Server 2008 and up, this would typically be the following folder (you may need to enable viewing of hidden directories to see it or enter it directly into the Explorer address bar):
C:\ProgramData\PassMark\OSForensics\RainbowTables
On XP and Server 2000/2003, it is typically something like this:
C:\Documents and Settings\All Users\Application Data\PassMark\OSForensics\RainbowTables
If you already have OSForensics open, then you may need to click the 'Refresh' button under the rainbow tables display window to view the rainbow table/s you have added.
Content Written By Henry Dalziel, 2020
Digital Forensic Hacking Tools For Use In 2020
Cybercrime keeps growing. My research shows that pre-COVID, i.e. BCV (Before Corona Virus), the estimates were that cybercrime would cost as much as $6 trillion annually by 2021. However, owing to the “desperation” many unemployed now feel, this figure might be a lot higher.
Digital Cybersecurity Forensics is a booming niche that will likely remain so for a long time.
Digital Forensics is a massive subject and requires meticulous planning and execution for it to be deemed successful. When we say ‘successful’ we refer to there being a guilty conviction for an incriminating cybercrime that took place.
Typically, InfoSec Digital Forensics is dictated by the “Chain Of Custody” principle. Vital to that process is the procuring and storing of evidence, which is achieved by some of the tools that we’ve listed below.
Within all the different IT security careers we’d say that Digital Forensics ought to be one of the fastest-growing sectors within Cybersecurity. The sheer escalating level and variations of hacks all require investigation, analysis, and legal processes to secure convictions.
Autopsy
Autopsy is a digital forensics platform that works in a GUI environment. Autopsy works with ‘The Sleuth Kit (TSK)’, a library and collection of command-line forensic tools.
This tool allows the user to investigate disk images. The Sleuth Kit is used by law enforcement, military, and corporate examiners to investigate what happened on a computer. If you would like to start a career as a digital forensic investigator, a thorough understanding of this tool would be a smart investment.
Is Autopsy Free?
Yes, this tool is free to use.
Does Autopsy Work on all Operating Systems?
It works on Linux, Windows and Mac OS X.
What are the Typical Uses for Autopsy?
The main purpose of TSK is to analyze volume, drive and file system data. The plug-in framework allows additional modules to view file contents and build automated systems. The library can be incorporated into larger digital forensics tools, and the command-line tools can be used directly to find evidence.
Maltego
Very possibly one of the best-known forensics and social engineering hacking tools on the market. It’s a very popular tool amongst those that are familiar with it.
Maltego is developed by Paterva and is a tool used for open-source forensics and intelligence. Its focus is to provide a library of transforms for the discovery of data from different open sources and visualize that data into a graph format which is suitable for data mining and link analysis.
Maltego allows building custom entities, allowing it to produce any type of information in addition to the types of basic entity which are part of the tool. The primary focus of this tool is to analyze real-world relationships between people, websites, groups, internet infrastructure, networks, domains and affiliations with social media services such as Facebook and Twitter.
This hacking tool has two types of reconnaissance options, personal and infrastructural. Personal reconnaissance includes personal information such as phone numbers, email addresses, mutual friends, social networking profiles, etc. while Infrastructural reconnaissance deals with the domains, covering DNS information such as mail exchangers, name servers, DNS to IP mapping and zone transfer tables.
Maltego sends client information in XML format over a secure HTTPS connection by using seed servers. Once the information is processed on the server side, the results are brought back to the Maltego client. Gathering all publicly available data using manual techniques and search engines is time-consuming, but Maltego automates the data gathering process to a great extent, thus saving a lot of time for the user/attacker.
Is Maltego Free?
Maltego CE and Casefile are free to download, whereas Maltego XL and Maltego Classic are paid tools. Maltego XL is the premier edition of this tool. It includes the features and capabilities of Maltego Classic, but it is the enhanced version that can work on large graphs. It also allows you to map out a clear threat picture of the entire network, making it easy to identify abnormalities or weak points.
Maltego Classic, on the other hand, is the professional version of Maltego, which extends the compatibility and functionality of the community version of the tool. It can also be used in a commercial environment, which the free versions cannot. This paid tool can create far larger graphs than the community version, since it has no limit on the entities that can be returned from a single transform. You can also export the results in a range of different formats.
Does Maltego Work on all Operating Systems?
Maltego currently works on Windows, Linux and Mac operating systems.
What are the Typical Uses for Maltego?
The primary focus of this tool is to analyze real-world relationships between data that is accessible through the internet, which includes footprinting internet infrastructure and gathering data about the people and organizations that own it. The connections between these pieces of data are found using OSINT techniques, by querying sources such as whois records, social networks, DNS records, different online APIs and search engines, and by extracting metadata. The tool provides a wide range of graphical layouts that allow for the clustering of data, which makes relationships accurate and instant.
EnCase
Commonly used by law enforcement, EnCase is forensics software and its use has made it one of the de-facto standards in forensics.
EnCase is not a free tool but you can request a demo in case you’re interested in using this tool.
Does EnCase Work on all Operating Systems?
EnCase is a Windows-only tool.
What are the Typical Uses for EnCase?
EnCase is primarily used to collect information from a computer system, employing checksums to help detect tampering with evidence. It can collect information from different types of devices and produce concise forensic reports.
Helix3 Pro
Just like the previous tools, Helix3 Pro is a unique tool customized for computer forensics. It has been created very carefully to avoid touching the host computer.
The good thing is that Helix will not automatically mount swap space nor auto mount any devices attached.
Is Helix3 Pro Free?
No, Helix3 Pro is a commercial tool. There’s a free version of this tool, but it’s older and no longer supported.
Does Helix3 Pro Work on all Operating Systems?
This tool works natively on Linux, Mac OS X and Windows operating systems.
What are the Typical Uses for Helix3 Pro?
Helix3 Pro focuses on forensics tools and incident response techniques. It is designed to be used by individuals who have an understanding of these techniques. With this tool, users can create forensic images of all internal devices, search for specific file types like document files, graphic files, etc.
FAQ
What Is The Definition Of Digital Forensic Technology?
Digital forensics is a branch of forensic science that is concerned with identifying, recovering, investigating, validating, and presenting facts regarding digital evidence found on computers or similar digital storage media devices.
What Is The Function Of Digital Forensic?
The main role of computer forensics techniques is to search, preserve and analyze information on computer systems to seek potential evidence for a trial. In the early days of computers, it was possible for a single detective to sort through files because storage capacity was so low.
Is It Crucial To Have Digital Forensic Installed?
Computer forensics is essential because it can save your organization money.
From a technical standpoint, the main purpose of computer forensics is to identify, collect, preserve, and analyze data in a way that preserves the integrity of the evidence collected so it can be used effectively in a legal case.
What’s The Point Of Digital Forensics?
Computers are instruments for carrying out cybercrime, and with the help of the burgeoning science of digital evidence forensics, law enforcement now uses computers to fight crime. Digital evidence is commonly associated with electronic crime, or e-crime, such as child pornography or credit card fraud.
How High Is The Demand For Computer Forensic Experts?
The Bureau of Labor Statistics (BLS) categorizes the work computer forensics examiners do under the information security analyst category. According to 2017 data, it is expected that the demand for this job will rise up to 28 percent from 2016 to 2026, which is extremely fast.
How Does Digital Forensic Differ From “Information Security”?
Cyber security protects and defends information systems from threats such as the misuse of systems, attackers, data theft, malware outbreaks, and system outages. Cyber forensics, by contrast, is the collection, preservation, acquisition, and analysis of digital artifacts for use in legal proceedings.
What Bachelor’s Degree Does A Computer Analyst Need To Start A Career In Digital Forensics?
Aspiring forensic computer analysts generally need to pursue a bachelor’s degree in a field such as digital forensics, computer forensics, or computer security.
How Does Digital Forensics Relate To Cyber Security?
Generally, digital forensics refers to the search for, detection, recovery, and preservation of evidence found on digital systems, often for criminal or civil legal purposes.
When Did The Digital Forensics Begin?
Since the 1990s, what was previously known as digital forensics has commonly been termed ‘computer forensics’. The first computer forensic technicians were law enforcement officers who were also computer hobbyists. In the USA, work began in 1984 in the FBI Computer Analysis and Response Team (CART).
How Much Does A Digital Forensic Specialist Earn Per Year?
A computer forensic investigator earns a total of $58,000 annually, according to the job site. While many private investigator jobs do not require degrees, computer forensic technicians are usually required to have bachelor’s degrees in criminal justice, computer science or even accounting.
I’m not sure how this figure has changed as a result of the Coronavirus devastation but I suspect that it is still a decent salary.
What Is The Work Of A Digital Forensic Analyst?
Computer forensic analysts combine their computer science background with their forensic skills to recover information from computers and storage devices. Analysts are responsible for assisting law enforcement officers with cyber crimes and for retrieving evidence.