In Part 1 of this article, we covered creating a case, File Search and Indexing. For Part 1 of this article, click here. This article will cover some more features/functionalities of OSForensics.

The Recent Activity feature allows an investigator to scan the evidence for recent activity, such as accessed websites, USB drives, wireless networks, recent downloads and many more.

To start with, open OSForensics and select Recent Activity.

We have an option to capture the recent activities either through the live acquisition of the current machine or by scanning drives/evidence.

To capture the live acquisition of the current machine, select the first option and click on Scan.

If we have opted to investigate the case of another machine at the time of creating the case (shown in Part 1 of this article), we may get a warning message as shown below. Click on Yes to continue.

But we will be acquiring our evidence (.E01 image file).

Scanning will start and may take some time to complete.

Once the scanning is complete, we will get a pop-up with the summary of the scanned evidence.

Click on the OK button, and on the Recent Activity window we can find all the recent activity details, with the headings on the left pane and the details of related files on the right.

We can also view the file details by clicking on the File Details tab.

To further analyze any file, simply right-click on the file for further file options.

Similarly, we can investigate the recent activity of any particular drive.

We can also change the configurations or apply/remove any filters as per the requirement, but these changes are to be done before starting the scan.

To edit the configurations, click on the “Config” button located at the top right corner of the Recent Activity window.

Check/uncheck the options as required or, if required, change the date/date range for a particular time-based activity and click OK.

For managing the filters, click on the “Filters” button located below the “Config” button.

We can add a filter as required by selecting a value from the drop-down or filling in the details as required.

In the below image we have applied a filter and set its parameters as per requirement.

Click on the Add Filter button and then OK; the filter will get added.

Deleted File Search

Deleted file recovery is one of the prime requirements of digital forensics.

OSF offers a very simple and efficient deleted file recovery/search.

To search for deleted files, click on “Deleted files Search” and select the drive we want to search from the drop-down.

We can select the complete physical drive/hard disk (PhysicalDrive0), acquired evidence or any logical drive (C/D/E) for which we want to recover the data.

Click on the “Config” button and check/uncheck the options as required.

Select the Quality from the drop-down (please note that the better the quality, the more time it will take to process). For better results, check the file carving option.

We can also limit the file size we want to search for (this will omit the files that are not in the range, to refine the search). Click OK.

On the preset drop-down, select the file type we want to recover/search.

Select all files if we need to have multiple file types as output.

Once all the settings are done, click on Search.

Depending on the volume of data and the configurations we opted for, it may take some time for the process to complete.

We can also see the thumbnail view of the files for faster analysis.

To save/recover files, select the files we want to recover, right-click for options and save the files.

This feature enables us to identify the files whose extensions don’t match their data.

Through this, we can capture relevant evidence that could be in the form of an image, document or PDF but is pretending to be of some other extension.

For example, a Word file can be mismatched with a JPEG file (such data could also be called “Dark Data”).

To start with, click on Mismatch File Search and select the drive/directory along with the filter from the drop-down, or create a filter as required. If we are not sure about the filter settings, we can go with the “All (Built In)” filter and click Search.

This will show the result in the file list.

We can also see the thumbnail view of the files.

The Memory Viewer feature shows the active memory of the system on which OSF is working.