Can you try the current beta, V0.92
http://www.osforensics.com/download.html

Yes, undelete does both (in later beta releases). If uses both the MFT and does matching on file headers on the raw disk. But to do this you need to check the "File carving" box in the undelete config window.

OSForensics ver. 087, build 1000. I thought that maybe OSForensics did file carving by header information since it would be looking at the entirety of the physical drive, not just the Windows formatted portion.

Thnaks

Did you try? We are thinking it might be OK. But of course to Windows the drive will appear as being unformatted as it won't know anything about the HFS file system (unless you are running special software like MacDrive). It might be the case that the drive letter doesn't appear if there is no supported file system on the drive however.

What version of OSForensics are you using? We made some changes to the drive detection code recently. I think we might be excluding any drives that don't have any partitions.

OSForensics is Windows only software for the moment.

HFS is the Mac file system. So you can't at the moment use OSForensics to investigate Mac's to any great degree. Although you should be able to browse the sectors and carve some data, this won't be as effective as undelete would be for a NTFS drive. For NTFS and FAT we parse the master file tables looking for deleted file records. This won't be done for HFS.