OSForensics system information software has been released

OSForensics has been released. Click on Discover, Identify, and Manage to view a list of features. Free and paid editions are available. Works on x86 or x64. Can be made portable.

Review: http://www.ghacks.net/2011/06/28/os-forensics-system-information-gathering-software/.

Some security-related features:
Mismatch file search - search for files with contents that do not match the file extension
Signatures - compare folder snapshots to see what files have changed; SHA1 file hashes are optional

 

Today, I finally gave it a shot. More precisely the hash functionality. I must say I expected a lot more from it.

There's no way to maximize the hashes window. The free version does not allow to export hash sets. You cannot compare a given file/given files/files in a folder with a hash set/hash sets.

Something like that would be useful, IMHO. I might send it as a suggestion to them.

I need to find out to what format the paid version exports hash sets. I was hoping the option to export as plain text. I'll have to check it.

 

To check if a given file is in a hash set, you have to use some of the program's other features, such as the file search feature.

 

I see. I should have looked at the other features.

It would make sense to have the option in the hash feature as well. Oh, well.

 

It confused me too at first.

 

The hash set viewer window can be re-sized by dragging the corner to make it larger, but you are correct, it might have been nice to have the maximize icon in the title bar. We'll fix this up in the next patch release.

Hash set exports are in plain text, CSV format.

The following data is exported (when available)
Origin

The origin of the file hash
​

Product

The product the hashed file belongs to.
​

Product Type

A description of the what type of product the product is.
​

Hash Set Name

The name of the hash set the file hash belongs to.
​

Hash Set ID

A Unique ID for this hash set.
​

Version

The version of the product.
​

Manufacturer

The manufacturer of the product.
​

Language

The language of the product.
​

Type

What type of hash set this is (known good files, known bad files, etc)
​

OS

What operating system this hash set is associated with.
​

Filename

The name of the file this hash was taken from.
​

MD5

The MD5 hash for this file.
​

SHA1

The SHA1 hash for this file.
​

SHA256

The SHA256 hash for this file.
​

LastUpdate

When this hash was last updated
​

Size

The size of the file that was hashed.​

 

Looking up files in a hash set in OSF

You can look up a file in a hash set from, for example, the "File name search" function. You need to do a search first, but you can search for * for find all files.

Right click on a file, or multiple files, and select lookup in hash set from the right click menu.

However before doing this you can set the current hash set from the "Hash sets" window (if you have multiple sets loaded).

You can download some example hashsets from this page,
http://www.osforensics.com/download.html

There are some example screen shots.

Right click to check if multiple selected files are in current hash set



Checking files to see if they are in the hash set



Sort search results to group matches



Check single file to see all matches for that file

 

@ PassMark

Thank you for your feedback.

 

Just thought I would give it a go after seeing - https://www.wilderssecurity.com/showthread.php?t=311425

Running XP Pro SP3, and I realize it is in ongoing development, but...





I sent the report, but another dev that I have communicated with in the past says the reports are useless.