OSForensics
PassMark OSForensics is computer forensics software for locating and analyzing digital evidence found in computer systems and digital storage devices. It provides a suite of modules that effectively reduce the task of analyzing the vast amounts of data on live systems and storage media, presented through a simple, easy-to-use modular interface. OSForensics includes tools ranging from those that can identify evidence material in seconds (such as a search for a particular file name) to more sophisticated tools (such as locating incriminating data in deleted files) for identifying harder-to-locate digital evidence artifacts.
OSForensics has a number of unique features that make the discovery of relevant forensic data even faster, such as high-performance deep file searching and indexing, email and email archive searching, and the capability to analyze recent system activity and active memory. OSForensics can build and display an events timeline that shows the context and time of activities. You can even recover data and files that have been deleted by users. OSForensics comes with a built-in file viewer for examining a file's contents, properties and metadata, as well as an email viewer that is compatible with most popular mail client formats.
OSForensics contains a collection of modules for searching, collecting, analyzing and recovering digital artifacts that can be used as legal evidence in court. The main features of OSForensics are outlined as follows.
1. Case Management
This module is used to aggregate results from all the other modules into a single location, a Case, allowing for later analysis of the findings as a whole and reporting on findings.
2. Hash Sets
Hash sets are used to quickly identify known safe or known suspected files, reducing the need for further time-consuming analysis.
3. Signatures
Signatures are snapshots of a system's directory structure at different points in time. Signatures can be compared in order to identify files that have been added, deleted and changed.
4. File Name Search
This module allows for searching for files via filename.
5. Mismatch Search
Finds files whose file extension does not match the content within the file, for example a .jpeg file renamed to a .txt file.
6. Verify/Create Hash
Creates hashes (SHA1, MD5, CRC32) of files or an entire hard disk.
7. Indexing
Creating an index allows for full-text searching within files located in a folder or on an entire hard disk. The index can also be used to search within email archives and to pull text out of unallocated disk sectors.
8. Recent Activity
This module allows an investigator to scan the system for evidence of recent activity, such as accessed websites, USB drives, wireless networks, and recent downloads.
9. Deleted Files Search
Searches for and recovers files that have been recently deleted from the hard drive.
10. Memory Viewer
The memory viewer allows an investigator to collect and analyze digital evidence in volatile memory storage. Due to the non-persistent nature of memory, some digital evidence may only be available on a live system.
11. System Information
Detailed information about the system's core components can be viewed and exported.
12. Removable Drive Test
OSForensics provides a tool for performing tests on removable drives.
In many cases it may be desirable to work with data from a disk image rather than the physical disk itself. Whilst OSForensics does not deal with disk images directly, PassMark provides a set of free external tools to support working with disk images.
This software is licensed as Free Trial Software and is priced at $499; a free trial is available for download.

