Digital Forensics using PassMark - OSForensics
OSForensics is a commercial forensic tool that performs automatic triage, giving you a faster and more reliable way to locate files on a Windows computer. You can search by filename, size, creation and modified dates, and other criteria depending on your needs.
Results are returned in several useful views. These include the Timeline View, which lets you sift through the matches on a timeline and makes the pattern of user activity on the machine evident.
OSForensics has these capabilities:
From an incident response perspective, the volatile data residing in the system’s memory contains rich information such as passwords, credentials, network connections, malware intrusions, registry hives, and more. This data can be a valuable source of evidence and is not typically stored on the local hard disk. It is one of the investigator’s favorite data sources for digital forensics, and knowing the right tool to dump memory is a must.