PassMark OSForensics Professional 3.3 Build 1000 Final

PassMark OSForensics is a powerful suite of computer forensics utilities. Computer forensics software is most often used by law enforcement, intelligence services and government agencies to collect evidence and identify signs of illegal activity on a particular PC. Most such suites can also be used for less complex but still important tasks, such as finding lost files, recovering lost passwords, detecting malware, and so on.

The list of OSForensics features is extremely broad. For example, the program can create digital signatures that describe every file found on the hard drive. By creating several such signatures, the user can quickly find out which objects were modified in the intervals between the runs.

The integrated OSFMount tool can be used to mount disk images in all common formats (ISO, BIN, NRG, SDI, VMDK, etc.). The image is mounted as a virtual drive, and the user can examine its contents and work with the files using the standard Windows Explorer.

Another interesting module, Mismatch File Search, scans the hard drive for files whose contents do not match their visible extension. Among other things, this component can detect an executable file posing as a harmless TXT text document. This lets users detect malicious applications and files that were disguised by changing the extension.
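
A minimal version of such an extension/content mismatch check, as an added example that is not OSForensics code. The signature table covers only a few formats, and the table names, function names and sample files are constructed for illustration.

```python
import os

# Leading "magic" bytes of a few common formats (illustrative subset).
MAGIC = [
    (b"MZ", "pe"),                  # Windows EXE/DLL
    (b"\x7fELF", "elf"),
    (b"%PDF-", "pdf"),
    (b"\x89PNG\r\n\x1a\n", "png"),
    (b"\xff\xd8\xff", "jpeg"),
    (b"PK\x03\x04", "zip"),         # also DOCX/XLSX containers
]
# Content types each extension may legitimately hold.
EXPECTED = {
    ".exe": {"pe"}, ".dll": {"pe"}, ".pdf": {"pdf"}, ".png": {"png"},
    ".jpg": {"jpeg"}, ".jpeg": {"jpeg"}, ".zip": {"zip"}, ".docx": {"zip"},
    ".txt": {"text"}, ".log": {"text"},
}
TEXT_BYTES = set(range(0x20, 0x100)) | {0x09, 0x0A, 0x0D}


def sniff(header):
    """Classify content by its leading bytes."""
    for magic, kind in MAGIC:
        if header.startswith(magic):
            return kind
    # No known signature: treat as text only if no control bytes are present.
    return "text" if all(b in TEXT_BYTES for b in header) else "unknown"


def find_mismatches(files):
    """files: iterable of (name, leading bytes); return [(name, detected type)]."""
    hits = []
    for name, header in files:
        allowed = EXPECTED.get(os.path.splitext(name)[1].lower())
        found = sniff(header)
        if allowed is not None and found not in allowed:
            hits.append((name, found))
    return hits


# Constructed samples: (file name, first bytes of the file).
SAMPLES = [
    ("readme.txt", b"Plain notes\r\n"),
    ("invoice.txt", b"MZ\x90\x00\x03\x00\x00\x00"),  # PE header behind .txt
    ("photo.jpg", b"\xff\xd8\xff\xe0\x00\x10JFIF"),
    ("scan.pdf", b"PK\x03\x04\x14\x00"),              # ZIP behind .pdf
    ("setup.exe", b"MZ\x90\x00"),
    ("data.bin", b"\x00\x01\x02"),                    # extension not in table
]

if __name__ == "__main__":
    for name, found in find_mismatches(SAMPLES):
        print(f"{name}: content looks like {found}")
```

Files whose extension is not in the table are skipped rather than flagged, which keeps the result limited to clear contradictions between name and content.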

As mentioned above, the user also gets excellent tools for fast file search, recovery of lost passwords, recovery of deleted data, and much more.

Program features:

  • Search several times faster than the standard Windows search.
  • Indexing, which speeds up searching even further.
  • E-mail search, with support for all popular mail clients.
  • Recovery of deleted files.
  • Viewing recently used documents.
  • Viewing computer usage activity.
  • Collecting system information, including hardware and software.
  • Viewing and saving a copy of the contents of RAM.
  • Extracting saved logins and passwords from your browsers.

Changes in version 3.3 Build 1000 Final

• Case Management
- Increased Notes character limit to 64000 characters
- Can now remove file from case in right-click menu
- When adding an attachment to case that already exists, prompt the user to overwrite
• Create Signature
- E-mail files are no longer saved as temporary files when creating a hash of the file. This improves the speed when creating a signature.
- Fixed wrong directory path being displayed especially when hashing large files.
- Fixed performance bug when hashing NTFS compressed files. Caused a 20x slowdown reading compressed files.
• Compare Signature
- When comparing file attributes, mask out the extra attributes used by OSForensics Forensics mode (eg. FILE_ATTRIBUTE_ATTR_MODIFY). This gives a more accurate list of modified files.
• Deleted File Search
- Added 'Remove deleted file from case' right-click menu option
- Fixed search results clearing when flags are updated
• Drive Preparation
- Added WAIT icon to drive refresh, so user can see when refresh is complete.
- Fixed physical drives are now supported, including system drive. However, if the system drive is selected, an error message is displayed
• Drive Imaging
- By default, 'Verify Image File' and 'Disable Shadow Copy' checkboxes are now checked.
- Added option to attach Image metadata (.info) file to case on completion
- Changed extension of Image metadata file from .info to .info.txt
• Email Viewer
- When parsing DBX e-mail files in forensics mode, a temporary copy of the file is no longer created. This saves some time opening the file.
• ESEDB viewer
- Updated the Extensible Storage Engine database (ESEDB) viewer to support the new Win10 file structure.
- Fixed list of records being cleared when attempting to access a page that is out of bounds
- Fixed bug with non NULL-terminated string
- Added sanity check for endianness for Vista DBs due to possibility of fields being either big or little endian
• File Indexer
- 12x increased unique words capacity (from 16 million base words to 200 million). Allows more documents to be indexed in a single index.
- Approximate 5x faster Forensics Mode indexing. This resulted from better caching, better parsing of the MFT and new low overhead methods of getting file attributes.
- Improved JPG, PNG image indexing speed with new methods of calling exiftool. Performance is approximately 5x faster on photographic images.
- Fixed bugs with indexing of archives (zip, tar, 7z, etc.) in Forensics Mode.
- Added support for ZIP files using non-DEFLATE methods (e.g. IMPLODE)
- Improved file type identifications and attempted indexing methods. A lot fewer warnings and errors should now be logged when indexing.
- Fixed 64-bit bugs with 7z64.dll
- Fixed corrupt messages e.g. "Error: Cannot delete output file: ... ". Sometimes this error was caused by indexing E-mails that contained malware. The antivirus (AV) solutions running on machines would detect the malware on extraction of attachments from the E-mail and unexpectedly delete the temporary file, causing a cascade of errors. We have a workaround for the errors, but active AV solutions can still prevent indexing of files containing malware, which can be a good or bad thing depending on your point of view.
- Fixed failing to open .gz and .tar.gz files from forensic mode mounted drive
- Fixed bugs with failing to extract files from certain problematic ZIPs and attempting every file (with magic and extraction and indexing) causing 3 error messages per file in the Zip file. Corrupted Zip files should no longer produce this cascade of errors.
- Fixed crash bug with truncated MP3 files
- Fixed OLE parsing bug when loading corrupted MSG Email file
- Improved memory estimation of indexing, to better judge if there is sufficient RAM available to start the indexing job. No point starting an indexing job only to die half way through it.
• File Name Search
- Fixed 'Current Folder' not being correctly displayed
- Fixed search results clearing when flags are updated
• File System Browser
- Display "(Sparse)" for the "Starting LCN" column of sparse files
- Fixed incomplete folder size being displayed when folder size calculation is cancelled midway (eg. when items are being sorted)
- Speed improvement when calculating folder sizes in forensics mode. Approx 3x faster depending on collection of files.
• Internal Viewer
- File info: For reparse points the linked path is now displayed
- No longer displays message box when failing to open file
- Hex viewer, Display error message in the status bar when failing to open file
• Mismatch Search
- Fixed 'Current Folder' not being correctly displayed
• Password Recovery
- Fixed crash when writing an entry to the log
- Windows Login - List views are now resized
- Windows Login - Added 'Password Required' column to 'Local Users' table to indicate whether a password is required for login
- Windows Login - Fixed crash when saving local users/domain users to file
• Recent Activity
- Added file type sub classification for Windows Search Items. Files are classified using the MIME type and extensions
- Removed directories from Windows Search Items
- Fixed Security event log entries not appearing in the results
- Selected items in 'File Details' and 'File List' tabs are now independent of each other. This caused problems when the exported list of selected items contain items that were not selected
- Re-arranged the order of tabs so that 'File Details' is the default tab.
- Fixed scan status not displaying in 'File Details' view
- Fixed sorting of items in 'File Details' view
- flickering of tree view
- Fixed error message appearing when JumpList is not selected in the scan
- Fixed a shellbag retrieval crash in Windows 10
- Fixed a jumplist crash in Windows 10
- Fixed a bug preventing some jumplist items from being retrieved
- Changed "Stream Number" jumplist item name to "Entry ID"
- Fixed an offset bug when getting the name of a shellbag item in Windows 10 which caused names with invalid characters to appear
- Updated function that retrieves Windows desktop search terms. The database format recently changed in Win10 and broke older releases of OSF.
• Registry Viewer
- Can switch between Hex, ASCII, Unicode in right-click menu
- Hives under \Windows\System32\config\RegBack are now listed when selecting a registry hive to open
- Added buttons for common operations (Add file, Add to case, Export, Find)
- Fixed a crash when trying to view/open the SAM file in Windows 10
• Search Index
- Updated search engine code to support new increased capacity index format with extended unique words.
- Added 'Remove item from case' right-click menu option
- Fixed search results clearing when flags are updated
• Thumbnail View
- Improved performance of loading photographic image thumbnails in forensics mode. Is approx 10x faster.
- Improved speed + memory usage when drawing thumbnails. Especially noticeable when scrolling the display, which should now be smoother.
• Drive imaging
- Fixed error "Unable to read end of drive". This occurred when imaging a volume (e.g. Drive F:), when the size of the file system (e.g. NTFS) is smaller than the volume size. The imaging process will now continue beyond the end of the file system to read the entire volume.
• Misc
- Fixed some memory leaks found by the leak checker
• Licensing
- In the free edition of the software,
- The indexing process will be restricted to 10,000 files or E-mails.
- The search results from an index will be limited to 250 files per search.
- Only 10 items to be added to each Case file.
- Only the first 10 passwords from each browser type will be listed in the passwords function
• Installer
- The installer package is now signed with an Extended Validation code signing certificate. This avoids some SmartScreen installation warnings in Windows 10, like Windows "prevented an unrecognised app from starting".


OS: Windows XP/Vista/7/8/8.1/10 or Windows Server 2000, 2003, 2008.

 

Download PassMark OSForensics Professional 3.3 Build 1000 Final (53.3 MB):

MANSORY 04/02/16 Views: 3318