Top Oxygen Remote Explorer Updates Of 2024 

Here’s a look back at the significant remote collection capabilities and enhancements that Oxygen Forensics added to Oxygen Remote Explorer in 2024. 

Remote Data Collection Updates 

Reduced costs and streamlined investigations through remote collection are key benefits provided by Oxygen Remote Explorer.

Remote Data Collection From Windows-Based Endpoints

In 2024, Oxygen Forensics enhanced remote data collection from Windows-based endpoints. 

First, Oxygen Forensics added the ability to remotely capture a Windows OS memory dump. Now users can right-click the endpoint of interest and select the option to create a memory dump. The created dump is sent to the server. Users can then download the dump from the server and use a third-party tool for its analysis.

Second, Oxygen Forensics introduced the ability to remotely capture a bit-by-bit Windows OS disk or disk partition image in E01 format. Now investigators can create dumps both for unencrypted disks and partitions and for those protected with BitLocker. The created dump can be saved to local storage or sent to the server.




Finally, Oxygen Forensics implemented deleted file recovery from remote endpoints for NTFS, FAT, and exFAT file systems. 

Remote Data Collection From Android and Apple iOS Devices

In 2024, Oxygen Forensics added new features that make Oxygen Remote Explorer a more powerful tool for remote data collection from Android and Apple iOS devices.

Oxygen Forensics dramatically improved the remote iOS extraction algorithm to allow for selective data extraction. Now investigators can choose to extract only specific artifacts to comply with their search requirements. This change also helps to alleviate server load and speed up collection and transfer of extracted data for analysis. 

Oxygen Forensics also added the ability to collect WhatsApp and WhatsApp Business data remotely from anywhere in the world with a cellular or Wi-Fi connection. This new feature allows investigators to collect a range of WhatsApp data including user info, chats, contacts and calls. Before extraction, users can fine-tune the extraction options to select the data that should be obtained. WhatsApp data extraction options are highly customizable, allowing for fast and targeted data collection.

Enhanced Agent Management Center Functions 

In 2024, Oxygen Forensics added a number of functionality enhancements to the Agent Management Center, including:

  • A Notifications Center where users can now see all important system notifications. 
  • A utility for the server settings configuration where investigators can choose the parameters for the server connections, logging, extraction repository, and backup or reset the server settings to default. 
  • The ability to configure logging of Agents’ work. Now users can set the logging level and remove or compress intervals in the endpoint settings. 
  • Investigators now have the option to export all or selected user logs to CSV, TSV, XLSX, and HTML formats. The logs can then be used for internal reports or troubleshooting.
  • Users can automatically retry data extraction tasks that finished with errors. Just set the number of attempts and the Agent will automatically restart data extraction if the task fails.

Remote File Browser 

Users now have the capability to remotely access the endpoint file system, enabling them to select specific artifacts for extraction and import into Oxygen Remote Explorer for analysis and reporting purposes. 

Finally, Oxygen Forensics added the ability to work with the endpoint file system. Now investigators can browse the file system to select the artifacts they need to extract, set paths for temporary files, or choose the local storage for disk images. 

Selective Remote WhatsApp and WhatsApp Business Extraction 

New extraction options for remote collection of WhatsApp and WhatsApp Business data from Android devices have been added, including the selection of the names of the chats and the dates.

Task Management Enhancements

Oxygen Forensics added the ability to automatically restart data extraction tasks that finished with errors. Users can also set the number of task retry attempts and choose to prioritize them over other extraction tasks.

MSI Format for Windows Agent 

Users can now download the Agent for Windows in MSI format along with the existing EXE format, providing greater flexibility for deployment. 

Computer Artifacts Updates 

Support has been added for additional computer artifacts, and users can now search by hash sets.

New Artifacts 

The following new computer artifacts are supported for extraction: 

  • NTLM hashes from Windows 
  • Passwords from Bitwarden from Windows, macOS, and GNU/Linux 
  • NordPass data from Windows, macOS, and GNU/Linux 
  • Brave Nightly data from Windows, macOS, and GNU/Linux 
  • FrostWire data from Windows, macOS, and GNU/Linux
  • SSH keys from Windows 
  • 7-Zip data from Windows 
  • Flatpak data from GNU/Linux 

Search by Hash Sets 

Oxygen Forensics added the ability to use hash sets when creating file search rules.

Cloud Forensics Updates 

Our industry-best cloud extraction capabilities now include updated cloud services authorization. 

Cloud Extraction Updates 

Oxygen Forensics updated the ability to authorize in the following cloud services:

  • Box 
  • Google 
  • Samsung cloud data
  • Samsung cloud backup 
  • Samsung secure folder backup 
  • Telegram 
  • Zoom 

KeyDiver Updates 

Several updates have been added to KeyDiver, our decryption tool for computer partitions, files, and applications.  

New Brute Force Support 

Now KeyDiver can find passcodes to decrypt: 

  • Containers and partitions protected with VeraCrypt 
  • Huawei HiSuite backups 

Oxygen Forensics also added support for NTLM hashes. This allows users to find passwords for a Windows OS user account and decrypt OS data and third-party applications connected with this password.

Template Manager 

Oxygen Forensics added the ability to create custom attack templates. Users can use two methods for creating a template: 

  • Save the attack parameters as a template while configuring a new attack.
  • Use the “Create New Template” button in the Template Manager.

Settings Window 

A Settings window has been added to allow users to enable or disable drivers (CUDA, HIP, OpenCL, Temperature Monitoring), manage the attack queue, set a temperature threshold, and adjust the desired performance. The selected settings will be saved and automatically applied to all current and subsequent attacks.

Mobile Forensic Updates 

Automatic Detection of Connected Devices 

Automatic detection of connected devices is now supported in Oxygen Remote Explorer. When Device Extractor is launched, the available information about a connected device will be shown along with the available methods of data extraction.

Automatic detection is supported for Android devices if ADB debugging is enabled and confirmed, and for iOS devices with the confirmed Trust option.

Agent Method Enhancements 

Several enhancements have been added to this method: 

  • Added support for recording audio during device screen video capture, so both video and audio of on-screen activity are recorded.
  • A new extraction mode in Device Extractor that guides users through the process of manual data extraction via Android Agent.
  • Added the ability to extract Slack data via Android Agent.
  • Added the ability to extract Telegram scheduled messages via Android Agent.

Import Updates 

Oxygen Forensics also added support for importing and parsing social media platform account data, including the following.

Import of TikTok Account Data 

Oxygen Remote Explorer now supports the import and parsing of TikTok account data. The extracted categories include the following information:

  • Account owner’s authorization history 
  • Last known location 
  • Main account details 
  • Followers and subscription 
  • Direct messages 
  • Blocked users 
  • Application settings 
  • Posts 
  • Search history 

General Updates 

Oxygen Forensics addressed one of its most-requested capabilities with the addition of a built-in module that allows selected scanning of extracted files for malware and potential threats. Now you can unlock advanced malware detection – including searches using YARA rules.

Selection Malware Scanning 

Now you can also configure the malware scan settings and initiate a malware scan. Both the whole extraction file structure and only selected files can be scanned. There are more than 10 identifiable threats supported. The results will appear on the toolbar, displaying the scanned file status, identified threats, scan start time, and other relevant details.

Request a demo to experience Oxygen Remote Explorer’s capabilities.
