In Part 2 of this article we covered Recent Activity, Deleted File Search, Mismatch File Search, Memory Viewer and Prefetch Viewer. This article covers some more features and functionalities of OSForensics.
To read Part 2 of this article, click here.
Raw Disk Viewer
On a drive, data is normally stored as file system files and directories, but forensics calls for a deeper inspection of the drive: evidence may reside within the raw sectors of the drive or image. These sectors are not accessible through the operating system, but we can access them through OSForensics' Raw Disk Viewer.
Raw Disk Viewer includes text/hex searching, highlighting of relevant disk offsets, and decoding of known disk structures (such as MBR, GPT).
Source: https://www.osforensics.com
To start, open OSF and click on Raw Disk Viewer.
From the disk dropdown, select the evidence we want to investigate.
Click on the Config button and make the required changes. We can specify the sector range limit, highlight file types in different colours, and include or exclude file system objects.
To look for a particular file, sector or offset, click on the Jump To button; a screen appears where we can select a particular file or offset.
To get the details of a particular file, select File and browse to the file.
Click on Open and then OK; the file will open in the hex view for investigation.
Click on the Decode button to get the details of the file. This provides the cluster number and sector of the file.
Right-click on the file to get all the available options for the file, offset or cluster.
Click on the Search button; a screen appears where we can search for hex or text and continue. This searches for the particular text or hex within the raw sectors and displays the result.
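As an added illustration (not part of the original article and not OSForensics code), the script below does in Python what the Raw Disk Viewer steps above do in the GUI: it decodes the MBR partition table of a raw image and runs a hex/text search over the raw sectors, reporting the sector and in-sector offset of each hit. The disk image is a constructed sample built inline, not real evidence.

```python
import struct

SECTOR_SIZE = 512  # classic sector size; the MBR lives in sector 0


def build_sample_image():
    """Construct a tiny disk image: an MBR with one partition entry followed
    by four zero-filled data sectors, one of which holds a text string.
    Constructed sample data, not a real evidence image."""
    mbr = bytearray(SECTOR_SIZE)
    # Partition entry 1 at offset 446: status 0x80 (bootable), type 0x07 (NTFS),
    # start LBA 2048, length 20480 sectors. CHS fields are left zero.
    entry = struct.pack("<B3sB3sII", 0x80, b"\x00" * 3, 0x07, b"\x00" * 3, 2048, 20480)
    mbr[446:446 + 16] = entry
    mbr[510:512] = b"\x55\xAA"  # MBR boot signature
    data = bytearray(SECTOR_SIZE * 4)
    marker = b"CONFIDENTIAL"
    start = SECTOR_SIZE * 2 + 100  # lands in image sector 3, offset 100
    data[start:start + len(marker)] = marker
    return bytes(mbr) + bytes(data)


def decode_mbr(sector):
    """Decode the four 16-byte partition entries of an MBR sector, the way
    the viewer's Decode button interprets a known disk structure."""
    if sector[510:512] != b"\x55\xAA":
        raise ValueError("no MBR boot signature at offset 510")
    parts = []
    for i in range(4):
        status, ptype, lba, count = struct.unpack_from("<B3xB3xII", sector, 446 + 16 * i)
        if ptype == 0:  # empty slot
            continue
        parts.append({"index": i, "bootable": status == 0x80, "type": ptype,
                      "start_lba": lba, "sectors": count})
    return parts


def search_raw(image, pattern):
    """Find every occurrence of a byte pattern anywhere in the raw image,
    independent of the file system, and report (sector, offset in sector)."""
    hits = []
    pos = image.find(pattern)
    while pos != -1:
        hits.append((pos // SECTOR_SIZE, pos % SECTOR_SIZE))
        pos = image.find(pattern, pos + 1)
    return hits


if __name__ == "__main__":
    img = build_sample_image()
    print(decode_mbr(img[:SECTOR_SIZE]))
    print(search_raw(img, b"CONFIDENTIAL"), search_raw(img, bytes.fromhex("55AA")))
```

To run it against a real raw image, replace `build_sample_image()` with the bytes read from the image file and pass a text pattern as bytes or a hex pattern via `bytes.fromhex`.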