OSForensics is a comprehensive computer forensics package that can help you locate and analyse the enormous amount of digital evidence that may be available on a computer system.

This kind of forensic tool is normally used to discover exactly what someone's been doing on their PC. So for instance you can quickly view the documents they've been opening, the web sites they've visited, the USB devices they've connected and any network shares they've used. It's possible to run text searches of any emails found on a system, from within the program. And you can even see what's inside a computer's memory at the moment, perhaps helping you to recover user names, passwords or other information that wouldn't normally be visible.

But OSForensics has many other useful applications.

There's an Undelete tool, for instance, that you can use to recover apparently lost files.

The clever Mismatch File Search option will scan your hard drive, checking file contents and alerting you when they don't match the extension (a .EXE file has been renamed as a .JPG, say). This could let you know if malware (or maybe another user of your PC) is trying to hide particular files.

There's support for Hash Matching, a technique that helps you quickly identify changed Windows, Microsoft Office or other files, again useful if you're looking for malware.

And if you install OSForensics to a USB flash drive then you can take the program anywhere, and use it on PCs without leaving any significant trace.

Version 4 replaces the free version with a 30-day trial. See the changelog for more info.

Verdict

OSForensics is a powerful, professional forensics tool. The price means it really isn't for regular users, and the trial has restrictions, but if you need to understand how someone's been using a PC it could still be very helpful.