OSForensics V1.1 Public Beta
OSForensics V1.1 beta release
V1.1 development and testing is now complete. The beta testing period has ended.
You can download the current version here.
- Added ability to investigate raw NTFS image files directly from OSF without mounting them.
- Images and physical drives can now be added to the case as devices.
- All of OSF's features have been updated to act on these devices.
- Image files can now be given a shorthand ‘display name’ handle. E.g. Case123:\
- Completely bypasses file system and file permissions.
- Added File System Browser
- View hidden NTFS files ($AttrDef, $MFT, $Boot, etc.)
- View and copy locked files
- Automatic calculation of directory size in a background thread.
- Browse history location bar.
- Integration into bookmark, hashing, indexing and file viewing functions
- Can jump to file’s offset on the raw disk
- Disk NTFS stream information (pro version only).
- Display of cluster information and file fragmentation.
- Added right-click functionality to jump to file's disk offset in raw disk viewer.
- Registry Viewer
- Improved speed of Registry Viewer.
- Enabled the data/values/match whole options in the registry viewer search dialog.
- Fixed a bug where the last search term in the registry viewer wasn't being cleared properly for a new search in some cases (leading to no results).
- Various other crash bug fixes.
- Added new warning when trying to import NSRL data into the existing example database.
- Can now add notes to case without needing to add as an attachment.
- Added From: and To: and Subject: fields for email exports from search results.
- Can now attempt to crack passwords on encrypted 7zip files.
- New right click option in case management to verify file hashes on case items.
- Indexing now supports Email attachments with attachments being displayed on separate tab.
- Improved image viewing quality in internal viewer.
- Added option to use MD5 hashes when creating signatures, in addition to SHA1.
- Can now set case acquisition mode. This will warn the user if they try to perform an acquisition task that does not make sense with their case setting. Some functions only make sense in the context of a live investigation.
- Added timestamp fields to data decoder in raw disk viewer.
- Fixed bug in displayed totals in signature comparison.
- Reduced initial memory usage of the memory viewer which was allocating buffers unnecessarily at startup.
- Fixed bug adding files with no extension to the case.
- Fixed hash set creation freeze on certain locked files.
- Added "Browse Index" tab to "Search Index" module. Loads currently selected index dictionary.
- Recent activity and password recovery updated to support Opera 10/11 & Firefox 10.
- Better support for long path names, up to 32,000 characters in a path.
What's still broke in Beta #1
- An issue with indexing / viewing E-mail attachments in MBOX E-mail archives
- A bug in the NTFS direct access option with some NTFS compressed files
- Decryption of 7zip files should be working, but isn't.
- File listing only deals with PST E-mail archives at the moment.
- No direct access to FAT volumes. They still need to be mounted with a drive letter (as per V1.0)
Please send us your feedback. Either post it here, or get into contact with us.