
PassMark OSForensics Professional 3.3 Build 1000 Final


9-02-2016, 02:10. Posted by: vital111


PassMark OSForensics is a powerful suite of utilities for computer forensics. Computer forensics software is most often used by law enforcement agencies, intelligence services and government employees to collect evidence and identify signs of illegal activity on an individual PC. In addition, most such packages can also be used for less complex but still important tasks, such as finding lost files, recovering lost passwords, detecting malware, and so on.



The list of OSForensics features is extremely broad. For example, the program can create digital signatures that describe every file found on a hard disk. By creating several such signatures, the user can quickly find out which objects were modified in the intervals between the procedures.






The integrated OSFMount tool can be used to mount disk images in all common formats (ISO, BIN, NRG, SDI, VMDK, etc.). The disk is mounted in a virtual drive, and the user can examine its contents and work with the files using the standard Explorer file manager.






Another interesting module, Mismatch File Search, scans the hard disk for files whose contents do not match their visible extension. Among other things, this component can detect an executable file posing as a harmless TXT text document. This lets users find malicious applications and files that have been disguised by changing the extension.
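A sketch of the content-versus-extension check described above, as an added example that is not OSForensics code: the signature table, the function names and the sample file names and bytes are all constructed for the illustration.

```python
import os

# Constructed table: leading bytes of a file type and the extensions that legitimately carry it.
SIGNATURES = {
    "pdf": (b"%PDF-", {".pdf"}),
    "png": (b"\x89PNG\r\n\x1a\n", {".png"}),
    "jpeg": (b"\xff\xd8\xff", {".jpg", ".jpeg"}),
    "zip": (b"PK\x03\x04", {".zip", ".docx", ".xlsx", ".pptx", ".jar", ".apk"}),
    "pe": (b"MZ", {".exe", ".dll", ".sys", ".scr", ".ocx"}),
}

def is_pe(header):
    """'MZ' is only two bytes, so confirm e_lfanew (offset 0x3C) points at the PE signature."""
    if header[:2] != b"MZ" or len(header) < 0x40:
        return False
    pe_offset = int.from_bytes(header[0x3C:0x40], "little")
    return header[pe_offset:pe_offset + 4] == b"PE\x00\x00"

def sniff(header):
    """Return the content type implied by the leading bytes, or None if unknown."""
    for label, (magic, _exts) in SIGNATURES.items():
        if header.startswith(magic) and (label != "pe" or is_pe(header)):
            return label
    return None

def mismatch(name, header):
    """Return a reason string when extension and content disagree, else None."""
    ext = os.path.splitext(name)[1].lower()
    detected = sniff(header)
    if detected and ext not in SIGNATURES[detected][1]:
        return f"content is {detected} but extension is {ext or '(none)'}"
    claimed = [t for t, (_m, exts) in SIGNATURES.items() if ext in exts]
    if detected is None and claimed:
        return f"extension {ext} implies {claimed[0]} but header is unrecognised"
    return None

# Constructed sample inputs: (file name, first bytes of the file).
PE_STUB = b"MZ" + b"\x00" * 58 + (0x40).to_bytes(4, "little") + b"PE\x00\x00"
SAMPLES = [
    ("readme.txt", b"MZ is how this plain-text note happens to start"),
    ("invoice.txt", PE_STUB),
    ("photo.jpg", b"\xff\xd8\xff\xe0\x00\x10JFIF"),
    ("holiday.png", b"just some text"),
    ("report.docx", b"PK\x03\x04\x14\x00"),
]

def scan(samples=SAMPLES):
    results = {name: mismatch(name, head) for name, head in samples}
    return {name: why for name, why in results.items() if why}
```

The `is_pe` check keeps a text file that merely begins with the letters "MZ" from being reported as an executable, while `invoice.txt`, which carries a PE header, is flagged.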



As mentioned above, the user also gets excellent tools for fast file search, recovery of lost passwords, recovery of deleted data, and much more.






Program features:

• Search several times faster than the standard Windows search.

• Indexing, which speeds up search even further.

• E-mail search, with support for all popular mail clients.

• Recovery of deleted files.

• Viewing of recently used documents.

• Viewing of computer usage activity.

• Collection of system information, covering both hardware and software.

• Viewing and saving a copy of the contents of RAM.

• Extraction of saved logins and passwords from your browsers.








Changes in version 3.3 Build 1000 Final

• Case Management

— Increased Notes character limit to 64000 characters

— Can now remove file from case in right-click menu

— When adding an attachment to case that already exists, prompt the user to overwrite

• Create Signature

— E-mail files are no longer saved as temporary files when creating a hash of the file. This improves the speed when creating a signature.

— Fixed wrong directory path being displayed especially when hashing large files.

— Fixed performance bug when hashing NTFS compressed files. Caused a 20x slowdown reading compressed files.

• Compare Signature

— When comparing file attributes, mask out the extra attributes used by OSForensics Forensics mode (eg. FILE_ATTRIBUTE_ATTR_MODIFY). This gives a more accurate list of modified files.

• Deleted File Search

— Added 'Remove deleted file from case' right-click menu option

— Fixed search results clearing when flags are updated

• Drive Preparation

— Added WAIT icon to drive refresh, so user can see when refresh is complete.

— Fixed physical drives are now supported, including system drive. However, if the system drive is selected, an error message is displayed

• Drive Imaging

— By default, 'Verify Image File' and 'Disable Shadow Copy' checkboxes are now checked.

— Added option to attach Image metadata (.info) file to case on completion

— Changed extension of Image metadata file from .info to .info.txt

• Email Viewer

— When parsing DBX e-mail files in forensics mode, a temporary copy of the file is no longer created. This saves some time opening the file.

• ESEDB viewer

— Updated the Extensible Storage Engine database (ESEDB) viewer to support the new Win10 file structure.

— Fixed list of records being cleared when attempting to access a page that is out of bounds

— Fixed bug with non NULL-terminated string

— Added sanity check for endianness for Vista DBs due to possibility of fields being either big or little endian

• File Indexer

— 12x increased unique words capacity (from 16 million base words to 200 million). Allows more documents to be indexed in a single index.

— Approximate 5x faster Forensics Mode indexing. This resulted from better caching, better parsing of the MFT and new low overhead methods of getting file attributes.

— Improved JPG, PNG image indexing speed with new methods of calling exiftool. Performance is approximately 5x faster on photographic images.

— Fixed bugs with indexing of archives (zip, tar, 7z, etc.) in Forensics Mode.

— Added support for ZIP files using non-DEFLATE methods (e.g. IMPLODE)

— Improved file type identifications and attempted indexing methods. A lot fewer warnings and errors should now be logged when indexing.

— Fixed 64-bit bugs with 7z64.dll

— Fixed corrupt messages e.g. "Error: Cannot delete output file: ... ". Sometimes this error was caused by indexing E-mails that contained malware. The antivirus (AV) solutions running on machines would detect the malware on extraction of attachments from the E-mail and unexpectedly delete the temporary file, causing a cascade of errors. We have a work around for the errors, but active AV solutions can still prevent indexing of files containing malware. Which can be a good or bad thing depending on your point of view.

— Fixed failing to open .gz and .tar.gz files from forensic mode mounted drive

— Fixed bugs with failing to extract files from certain problematic ZIPs and attempting every file (with magic and extraction and indexing) causing 3 error messages per file in the Zip file. Corrupted Zip files should no longer produce this cascade of errors.

— Fixed crash bug with truncated MP3 files

— Fixed OLE parsing bug when loading corrupted MSG Email file

— Improved memory estimation of indexing, to better judge if there is sufficient RAM available to start the indexing job. No point starting an indexing job only to die half way through it.

• File Name Search

— Fixed 'Current Folder' not being correctly displayed

— Fixed search results clearing when flags are updated

• File System Browser

— Display "(Sparse)" for the "Starting LCN" column of sparse files

— Fixed incomplete folder size being displayed when folder size calculation is cancelled midway (eg. when items are being sorted)

— Speed improvement when calculating folder sizes in forensics mode. Approx 3x faster depending on collection of files.

• Internal Viewer

— File info: For reparse points the linked path is now displayed

— No longer displays message box when failing to open file

— Hex viewer, Display error message in the status bar when failing to open file

• Mismatch Search

— Fixed 'Current Folder' not being correctly displayed

• Password Recovery

— Fixed crash when writing an entry to the log

— Windows Login — List views are now resized

— Windows Login — Added 'Password Required' column to 'Local Users' table to indicate whether a password is required for login

— Windows Login — Fixed crash when saving local users/domain users to file

• Recent Activity

— Added file type sub classification for Windows Search Items. Files are classified using the MIME type and extensions

— Removed directories from Windows Search Items

— Fixed Security event log entries not appearing in the results

— Selected items in 'File Details' and 'File List' tabs are now independent of each other. This caused problems when the exported list of selected items contain items that were not selected

— Re-arranged the order of tabs so that 'File Details' is the default tab.

— Fixed scan status not displaying in 'File Details' view

— Fixed sorting of items in 'File Details' view

— flickering of tree view

— Fixed error message appearing when JumpList is not selected in the scan

— Fixed a shellbag retrieval crash in Windows 10

— Fixed a jumplist crash in Windows 10

— Fixed a bug preventing some jumplist items from being retrieved

— Changed "Stream Number" jumplist item name to "Entry ID"

— Fixed an offset bug when getting the name of a shellbag item in Windows 10 which caused names with invalid characters to appear

— Updated function that retrieves Windows desktop search terms. The database format recently changed in Win10 and broke older releases of OSF.

• Registry Viewer

— Can switch between Hex, ASCII, Unicode in right-click menu

— Hives under \Windows\System32\config\RegBack are now listed when selecting a registry hive to open

— Added buttons for common operations (Add file, Add to case, Export, Find)

— Fixed a crash when trying to view/open the SAM file in Windows 10

• Search Index

— Updated search engine code to support new increased capacity index format with extended unique words.

— Added 'Remove item from case' right-click menu option

— Fixed search results clearing when flags are updated

• Thumbnail View

— Improved performance of loading photographic image thumbnails in forensics mode. Is approx 10x faster.

— Improved speed + memory usage when drawing thumbnails. Especially noticeable when scrolling the display, which should now be smoother.

• Drive imaging

— Fixed error "Unable to read end of drive". This occurred when imaging a volume (e.g. Drive F:), when the size of the file system (e.g. NTFS) is smaller than the volume size. The imaging process will now continue beyond the end of the file system to read the entire volume.

• Misc

— Fixed some memory leaks found by the leak checker

• Licensing

— In the free edition of the software,

— The indexing process will be restricted to 10,000 files or E-mails.

— The search results from an index will be limited to 250 files per search.

— Only 10 items to be added to each Case file.

— Only the first 10 passwords from each browser type will be listed in the passwords function

• Installer

— The installer package is now signed with an Extended Validation code signing certificate. This avoids some SmartScreen installation warnings in Windows 10, like Windows "prevented an unrecognised app from starting".






Program information:

Release year: 2016

Version: 3.3 Build 1000 Final

Interface language: English

OS: Windows XP/Vista/7/8/8.1/10 or Windows Server 2000, 2003, 2008.

Official site: Home Page

Crack: Included

Size: 53,3 Mb






