OSForensics
Description
OSForensics lets you extract forensic evidence from computers quickly with high-performance file searches and indexing. Identify suspicious files and activity with hash matching, drive signature comparisons, e-mails, memory and binary data. Manage your digital investigation and create reports from the collected forensic data.
Download Link
Additional information and programs from the site
Download Hash Sets
OSForensics allows you to use Hash Sets to quickly identify known safe files (such as operating system and program files) or known suspected files (such as viruses, trojans, hacker scripts) to reduce the need for further time-consuming analysis. You can download some sample hash sets below. They are individually zipped.
- Office 2007 Enterprise (Vista) hash set (1,313 KB)
- Office 2007 Enterprise (Win7) hash set (1,978 KB)
- Common Keyloggers hash set (124 KB)
- Win7 Ultimate (32-bit) hash set (18,825 KB)
- Win7 Enterprise (x64) hash set (11,670 KB)
- Vista Business (32-bit) hash set (8,475 KB)
- Vista Business (x64) hash set (8,069 KB)
- XP Professional SP3 (32-bit) hash set (1,889 KB)
- XP Professional SP2 (x64) hash set (1,456 KB)
The hash sets can also be purchased as a complete set pre-loaded onto a hard disk.
Installing the Hash Sets
To install the hash sets, you must download the individual zip files (linked above), and unzip them into the OSForensics program data folder.
On Vista, Windows 7 (aka Win7), and Server 2008, this would typically be the following folder (you may need to enable viewing of hidden directories to see it or enter it directly into the Explorer address bar):
C:\ProgramData\PassMark\OSForensics\hashSets
On XP and Server 2000/2003, it is typically something like this:
C:\Documents and Settings\All Users\Application Data\PassMark\OSForensics\hashSets
You will then need to restart OSForensics if you have it currently open. When you next start OSForensics, you should now find additional sets listed in the tree view under the "Hash Sets" panel.
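The hash set matching described under "Download Hash Sets" above, sketched in Python as an added example (not OSForensics code, and it does not read the OSForensics hash set files). The sample file contents, file names and the in-memory sets of SHA-256 digests are constructed for illustration.

```python
import hashlib
import tempfile
from pathlib import Path

def sha256_file(path, chunk_size=1 << 20):
    """Hash a file in chunks so large evidence files do not need to fit in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()

def triage(root, known_safe, known_suspect):
    """Classify every file under root by content hash.

    Returns {"safe": [...], "suspect": [...], "unknown": [...]} of relative paths.
    A hash present in both sets is reported as suspect, the conservative choice.
    """
    result = {"safe": [], "suspect": [], "unknown": []}
    root = Path(root)
    for path in sorted(p for p in root.rglob("*") if p.is_file()):
        digest = sha256_file(path)
        if digest in known_suspect:
            bucket = "suspect"
        elif digest in known_safe:
            bucket = "safe"
        else:
            bucket = "unknown"
        result[bucket].append(path.relative_to(root).as_posix())
    return result

def demo():
    """Build a constructed evidence tree and hash sets, then triage it."""
    os_file = b"constructed stand-in for an operating system file"
    logger = b"constructed stand-in for a keylogger binary"
    known_safe = {hashlib.sha256(os_file).hexdigest()}
    known_suspect = {hashlib.sha256(logger).hexdigest()}
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "system").mkdir()
        (root / "system" / "kernel.dll").write_bytes(os_file)
        # Suspect content under an innocent name: still matched, names are ignored.
        (root / "system" / "helper.dll").write_bytes(logger)
        # Known-safe name, altered content: no longer matches the safe set.
        (root / "kernel.dll").write_bytes(os_file + b"\x00")
        return triage(root, known_safe, known_suspect)

if __name__ == "__main__":
    print(demo())
```

Only the "unknown" bucket needs manual review; a file that merely shares a name with a known safe file stays in it because matching is by content, not by name.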
Download Rainbow Tables
OSForensics enables you to use Rainbow Tables to retrieve a password when you have the hash (the one-way digest, not encrypted text) of that password. Rainbow tables are essentially a time-memory trade-off in recovering a password from its hash. That is, they store precomputed password-to-hash pairs, so that instead of generating these pairs on the fly, you can just search for a hash in the table to recover the password corresponding to that hash. OSForensics can generate Rainbow Tables for different input parameters. Some example Rainbow Tables are available below for download. They are individually zipped. To install the Rainbow Tables for use with OSForensics, see "Installing the Rainbow Tables" below. To use these rainbow tables for password retrieval, click the "Retrieve Password with Rainbow Table" tab in the Passwords module of OSForensics. You can also download and use Indexed Rainbow Tables from rainbowtables.com (use RTI1 files only) with OSForensics.
- md5_loweralpha-numeric#1-7_0_72656x4797112_OSF (32.6 MB)
- lm_alpha-numeric#1-7_0_23680x23656320_OSF (172 MB)
- sha1_loweralpha-numeric#1-6_0_4235x3708576_OSF (20.4 MB)
The rainbow tables can also be purchased as a set pre-loaded onto a hard disk.
Installing the Rainbow Tables
To install the Rainbow Tables, you must download the individual zip files (linked above), and unzip them into the RainbowTables folder located in the OSForensics program data folder.
On Vista, Windows 7 (aka Win7), and Server 2008, this would typically be the following folder (you may need to enable viewing of hidden directories to see it or enter it directly into the Explorer address bar):
C:\ProgramData\PassMark\OSForensics\RainbowTables
On XP and Server 2000/2003, it is typically something like this:
C:\Documents and Settings\All Users\Application Data\PassMark\OSForensics\RainbowTables
If you already have OSForensics open, you may need to click the "Refresh" button under the rainbow tables display window to see the rainbow tables you have added.