How do the police manage to extract even deleted data from a PC?

Dernière mise à jour: 26 mai 2023

When it comes to tracking down cybercriminals, our computers hold a treasure trove of information. But how do investigators manage to recover even deleted data?

At the heart of this are specialized software such as EnCase, WinHex, Forensic Toolkit (FTK) and many others.

In this article, we are going to focus in particular on OSForensics, a powerful tool used by the police to recover computer evidence. You will discover how this software can conduct in-depth research on the contents of a machine and extract crucial information.

What can we do with OSForensics?

With OSForensics, you can perform several actions to recover and analyze data from your PC:

Recovery of user data : OSForensics allows you to retrieve information such as emails, address book, activities on social networks and history of sites visited.
System data analysis : This software gives you access to hidden files, passwords and their history, file tree structure, log files and other relevant system data.
Deleted Data Recovery : OSForensics is able to recover data that has been erased in the past. Even if the files have been deleted or hidden, the software can find them and make them accessible.

OSForensics-tutorial — OSForensics interface

Indeed, OSForensics is a versatile software that allows you to carry out in-depth investigations on a computer equipped with Windows.

It offers the following features:

File search and filtering.
Memory exploration.
Recovery of logins and passwords.
Recover deleted files.
Password cracking.
Recovery of last accessed files, websites or devices.
The last activities of a computer
In-depth exploration of emails.

These features make OSForensics an essential tool for conducting thorough and effective investigations on computers running Windows.

How to use OSForensics?

OSForensics is a real Swiss army knife bringing together several tools easily accessible via a clear and ergonomic interface. Here's how you can use it:

Installation and launch : First, start by installing OSForensics on your computer. Once installed, launch the program to access its features.
Feature explorations: Next allows you to scan your computer, or any other computer you wish to examine, in order to extract relevant information. You can navigate through the different options and modules offered by the software.
Information analysis : Use OSForensics tools to search for specific items such as passwords (for websites or documents), recent activities, deleted files or files with inappropriate extensions. The intuitive interface will allow you to select the appropriate search parameters.
Recovery of deleted files : OSForensics offers deleted file recovery features. You can follow specific steps to recover deleted files using the tools provided.

Here is a demo video showing you how to recover deleted files with OSForensics.

It should be noted that OSForensics is primarily intended for security experts. Additionally, the software can be installed on a USB drive, allowing you to use it on any computer or on the go.

It is an interesting piece of software to try, but caution is recommended when using it.

To download OSForensics, please click here: Download OSForensics

Those who liked this article also liked these:

adonai says:

December 21 2020 to 23 43 h min

Thanks for this tutorial.
My concern is how to prevent it's software from having access to this information?

Brahim JITOU says:

30 May 2019 13 in 02 h min

Hello,
You are doing a good job, and I thank you for that.

DeKa says:

30 September 2015 6 to 20 h min

I would just like to know how to subscribe to the site's newsletter? Thank you for your reply.