PassMark OSForensics Professional 3.2 Build 1000 Serial Key



OSForensics allows you to identify suspicious files and activity with hash matching, drive signature comparisons, e-mails, memory and binary data

It lets you extract forensic evidence from computers quickly with advanced file searching and indexing and enables this data to be managed effectively.

  • Discover Forensic Evidence Faster
  • Identify Suspicious Files and Activity
  • Manage Your Digital Investigation
  • Import and export of hash sets
  • Customizable system information gathering
  • No limts on the amount of cases being managed through OSForensics
  • Restoration of multiple deleted files in one operation
  • List and search for alternate file streams
  • Sort image files by colour
  • Disk indexing and searching not restricted to a fixed number of files
  • No watermark on web captures
  • Multi-core acceleration for file decryption
  • Customizable System Information Gathering
  • View NTFS directory $I30 entries to identify potential hidden/deleted files

What's New (v3.1.1008 - 2015-06-10):

  • Create Index

    Added indexing of From, To, CC, BCC, etc. fields for PST attachments.
  • Added indexing of From/CC/To etc. addresses from MSG attachments.
  • Added missing support for indexing headers for MSG files
  • The start and end dates for the advanced search options are now correctly using the current case timezone setting when a search is performed
  • Fixed bug in Create Index -> Edit Template -> "Scan system paging and hibernation files" setting being lost.
  • Fixed bug with Search Index -> Email Attachments -> Export ... results carrying incorrect From/To/CC information from previous results.
  • Fixed bug with indexing attachments from MSG files (failing to recognize file type properly)
  • Fixes for crashes and infinite loops when indexing corrupt DOC, XLS and PPT files.
  • Fixed bug with empty emails in PST files causing previous buffer to be used for content and custom meta.

[*]Case Manager

  • User can now specify whether logging is enabled/disabled when creating or editing a case
  • Error message is displayed if the log file is corrupted or tampered with
  • When generating a report Added "No title" to when there was no title for an item so the link to the file is visibly created
  • When renaming (moving) cases, case items still used the old metafile path causing issues with non-existant paths. Fixed by reloading case after moving.
  • E-mail attachment paths now include the attachment index number, due to the possibility of having multiple attachments with the same name

[*]Case Log

  • Supplemental log entries added across all modules
  • When logging is disabled, controls are now disabled and message is shown to the user

[*]Create/Verify Hash

  • Fixed drive drop down list to include Case devices

[*]CSV Exports

  • Removed "," separator between date and times for CSV exports so that Excel will automatically pick them up as dates

[*]Deleted Files

  • Fixed bug with retrieving the clusters of a deleted NTFS file. This bug can potential cause an invalid memory access crash
  • Unallocated cluster information now being used for mounted devices
  • Fixed bug with unable to save multiple deleted files from a partition without a drive letter (due to invalid characters in the device path)
  • The number of files that were not saved due to reallocation now displayed
  • Improved performance of saving deleted NTFS files
  • Deleted files stored in multiple MFT records are now being handled
  • Proper stream names are being used when restoring a deleted NTFS file

[*]Disk Imaging

  • Fixed no default drive being selected in 'Hidden Areas - HPA/DCO' tab
  • Added check for no physical disk selected
  • The sizes of each respective max LBA are now displayed in the log after detecting HPA/DCO

[*]Event Info

  • Bug fix, stripped trailing space character from event title.

[*]Email Viewer

  • A dotted border is now custom drawn on the selected folder/e-mail so that even when the control loses focus, the selection is still apparent
  • Fixed not being able to add multiple e-mail attachments with the same name. Each attachment now has a unique path.

[*]File Name Search

  • Added 'Save to disk' right-click option. Re-arranged right-click menu to be more readable

[*]Hash sets

  • Files less than 5 bytes in size are now excluded from hash set lookups (this is to prevent tiny file (eg 0 byte files always appearing in a hash set where there was a 0 byte file on creation)

[*]Password Recovery (Windows Login Passwords)

  • Added cached domain users to recovery for local drives
  • Fixed a crash that could happen when recovering cached domain users

[*]Recent Activity

  • Added timestamps to WLAN items for the associated XML profile or registry key (where available)
  • Bug fix, export event to CSV will now include the item's title.
  • Columns will remember their widths when filtering, sorting and navigating to different activity types.

[*]Search Index

  • Added To/From/CC information to attachment output when searching an index
  • Removed the from/to/cc fields from the CSV export of an search for items that aren't emails/attachments
  • Fixed bug with broken links in search index results for files containing percent encoding in filename

[*]System Information

  • Added cached domain users to "Get User Info (registry)"

[*]ThumbCache Viewer

  • Fixed 'In Case' flag incorrectly displayed for all items in thumbnail view

[*]User Interface

  • List/tree views across OSF now shows the selected item regardless of when the control loses focus
  • Fixed drawing issues when minimizing navigation buttons
  • Removed flickering when resizing window
  • Fixed buttons not being displayed when resizing window
  • Fixed drawing issues when resizing file/folder popup dialog


  • Bug Fix. Selecting OSForensics or BurnInTest as the selected program in WinPEBuilder will now add the required WinPE packages on the WinPE/Packages tab.


  • Updated help for new Case Activity Log section to describe logging feature
  • Updated help with info on user editable file carving configuration file, osf_filecarve.conf
  • Updated help to mention timezone in case management
  • Updated System information library

Release Date: 2015-06-10
OS: 2000/XP/2003/Vista/2008/7/2012/8
Language: English
Download Page:

Installer (51.23 MB):


Duncan Beiers
Last edited by a moderator: