OSForensics system information software has been released

Discussion in 'other software & services' started by MrBrian, Oct 10, 2011.

Thread Status:
Not open for further replies.
  1. MrBrian (Registered Member; Joined: Feb 24, 2008; Posts: 6,032; Location: USA)

    OSForensics has been released. Click on Discover, Identify, and Manage to view a list of features. Free and paid editions are available. Works on x86 or x64. Can be made portable.

    Review: http://www.ghacks.net/2011/06/28/os-forensics-system-information-gathering-software/.

    Some security-related features:
    Mismatch file search - search for files with contents that do not match the file extension
    Signatures - compare folder snapshots to see what files have changed; SHA1 file hashes are optional
     
  2. m00nbl00d (Registered Member; Joined: Jan 4, 2009; Posts: 6,623)

    Today, I finally gave it a shot. More precisely the hash functionality. I must say I expected a lot more from it.

    There's no way to maximize the hashes window. The free version does not allow exporting hash sets. You cannot compare a given file/given files/files in a folder with a hash set/hash sets.

    Something like that would be useful, IMHO. I might send it as a suggestion to them.

    I need to find out what format the paid version exports hash sets to. I was hoping for the option to export as plain text. I'll have to check it.
     
  3. MrBrian (Registered Member; Joined: Feb 24, 2008; Posts: 6,032; Location: USA)

    To check if a given file is in a hash set, you have to use some of the program's other features, such as the file search feature.
     
  4. m00nbl00d (Registered Member; Joined: Jan 4, 2009; Posts: 6,623)

    I see. :thumb: I should have looked at the other features. :D

    It would make sense to have the option in the hash feature as well. Oh, well.
     
  5. MrBrian (Registered Member; Joined: Feb 24, 2008; Posts: 6,032; Location: USA)

    It confused me too at first.
     
  6. PassMark (Registered Member; Joined: Jan 14, 2007; Posts: 8)

    The hash set viewer window can be re-sized by dragging the corner to make it larger, but you are correct, it might have been nice to have the maximize icon in the title bar. We'll fix this up in the next patch release.

    Hash set exports are in plain text, CSV format.

    The following data is exported (when available):
    Origin - The origin of the file hash.
    Product - The product the hashed file belongs to.
    Product Type - A description of what type of product the product is.
    Hash Set Name - The name of the hash set the file hash belongs to.
    Hash Set ID - A unique ID for this hash set.
    Version - The version of the product.
    Manufacturer - The manufacturer of the product.
    Language - The language of the product.
    Type - What type of hash set this is (known good files, known bad files, etc).
    OS - What operating system this hash set is associated with.
    Filename - The name of the file this hash was taken from.
    MD5 - The MD5 hash for this file.
    SHA1 - The SHA1 hash for this file.
    SHA256 - The SHA256 hash for this file.
    LastUpdate - When this hash was last updated.
    Size - The size of the file that was hashed.
     
  7. PassMark (Registered Member; Joined: Jan 14, 2007; Posts: 8)

    Looking up files in a hash set in OSF

    You can look up a file in a hash set from, for example, the "File name search" function. You need to do a search first, but you can search for * to find all files.

    Right click on a file, or multiple files, and select lookup in hash set from the right click menu.

    However before doing this you can set the current hash set from the "Hash sets" window (if you have multiple sets loaded).

    You can download some example hashsets from this page,
    http://www.osforensics.com/download.html

    There are some example screen shots.

    [Screenshot: Right click to check if multiple selected files are in current hash set]
    [Screenshot: Checking files to see if they are in the hash set]
    [Screenshot: Sort search results to group matches]
    [Screenshot: Check single file to see all matches for that file]
     

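An added example (not from the thread and not OSForensics code): checking every file in a folder against an exported hash set outside the GUI. It assumes the CSV export has a header row using the field names listed in post 6 (`Hash Set Name`, `Type`, `Filename`, `SHA256`); the sample rows and files are constructed.

```python
import csv, hashlib, io, os, tempfile

def build_index(csv_text, algo="SHA256"):
    """Map lowercase digest -> rows; one digest may appear in several hash sets."""
    index = {}
    for row in csv.DictReader(io.StringIO(csv_text)):
        digest = (row.get(algo) or "").strip().lower()
        if digest:  # fields are exported only "when available"
            index.setdefault(digest, []).append(row)
    return index

def hash_file(path, algo="SHA256", chunk=1 << 20):
    """Hash in chunks so large files do not have to fit in memory."""
    h = hashlib.new(algo.lower())
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()

def lookup_folder(folder, index, algo="SHA256"):
    """Return {relative path: [(Hash Set Name, Type), ...]}; [] means no match."""
    results = {}
    for root, _dirs, files in os.walk(folder):
        for name in files:
            path = os.path.join(root, name)
            rows = index.get(hash_file(path, algo), [])
            results[os.path.relpath(path, folder)] = [
                (r["Hash Set Name"], r["Type"]) for r in rows]
    return results

def demo():
    """Constructed data: three files and a three-row export built from them."""
    good, bad = b"constructed known-good bytes", b"constructed known-bad bytes"
    digest = lambda data: hashlib.sha256(data).hexdigest().upper()
    csv_text = (
        "Hash Set Name,Type,Filename,SHA1,SHA256\n"
        f"Constructed good set,known good files,notepad.exe,,{digest(good)}\n"
        f"Constructed bad set,known bad files,dropper.exe,,{digest(bad)}\n"
        "Constructed bad set,known bad files,nohash.bin,,\n")  # no SHA256: skipped
    with tempfile.TemporaryDirectory() as d:
        files = {"notepad.exe": good, "renamed.tmp": bad, "report.doc": b"unlisted"}
        for name, data in files.items():
            with open(os.path.join(d, name), "wb") as f:
                f.write(data)
        return lookup_folder(d, build_index(csv_text))

if __name__ == "__main__":
    for path, hits in sorted(demo().items()):
        print(path, hits or "not in hash set")
```

Matching is on the content hash, not the `Filename` column, so `renamed.tmp` still hits the row exported as `dropper.exe`.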

  8. m00nbl00d (Registered Member; Joined: Jan 4, 2009; Posts: 6,623)

    @ PassMark

    Thank you for your feedback. :thumb:
     
  9. Tarnak (Registered Member; Joined: Feb 5, 2007; Posts: 3,875)

    Just thought I would give it a go after seeing - https://www.wilderssecurity.com/showthread.php?t=311425

    Running XP Pro SP3, and I realize it is in ongoing development, but...:eek:

    ScreenShot_OSForensics_Recent Activity_01.jpg

    ScreenShot_OSForensics_Recent Activity_02.jpg

    I sent the report, but another dev that I have communicated with in the past says the reports are useless.
     