Oxygen Forensic Detective From Oxygen Forensics
Posted Tuesday June 13, 2017 (12:37:18)
Reviewed by Miroslav Klarica, CEO at Detective Agency Mreza, Croatia
The selection of a multifunctional tool for mobile forensics is the key for successful investigation.
Private investigations, no matter if they are about love infidelities, missing persons or asocial behavior of adolescents, today are unimaginable without forensic analysis of mobile devices. I will be more specific, I wouldn't be able to close many of my cases without the help of tools like Oxygen Forensic Detective.
Mobile forensics is for sure the most complex and chaotic branch of digital forensics. The changes are happening on a daily basis, from the appearance of new devices to new applications and protection systems. That is the reason why it is very important to make the right decision both economically and in terms of operation.
When we purchased our first tool for mobile forensics, we listened to recommendations from our acquaintances from law enforcement circles, who gave us a suggestion about which tool they believed was the best on the market.
The tool did support extraction, decoding and parsing of data from lots of mobile devices and a great number of adapters and cables were included in the price, of which most were worthless though because we mostly work with Android and iOS devices.
Also, we concluded soon that the tool wasn't enough for us because we couldn't deal with challenges in cloud services or encrypted backups, and we needed an effective analytical tool which could speed up our investigations.
Instead of purchasing several tools and spending enormous amount of money, we found everything unified in one software – Oxygen Forensic Detective - which is now an indispensable part of our work day.
A few examples from our investigations
Recently the mother of an adolescent who spent too much time on a Facebook account which his parents couldn't access approached us. The most popular social media platform in the world has apparently 1.5 million users in Croatia and is becoming a very valuable source of evidence. After Oxygen Forensic Detective decrypted user tokens, his parents had a clear picture of their child's activities on Facebook, his friends and private messages.
From our case. Complete reconstruction of user activity on Facebook
When we analyzed acquired data from his Dropbox account, we learnt about his second iCloud account from which we downloaded and decrypted three device backups about which his parents didn't know.
Oxygen Forensic Cloud Extractor can acquire data from iCloud of all Apple iOS devices including the latest iOS 10.3. Using the appropriate credentials, an investigator can extract information from data backups of all devices associated with the unique Apple ID. In addition, experts will have access to three cloud backups for each device – the original backup and the two most recent data backups. This will allow the investigator to compare data and track information changes on each device.
From our case. We have access to three cloud backups from each device
Everyone knows that cheaters use their smartphones to contact their lovers and end-to-end encryption apps have made cheating easier. Or maybe not?
Great support for applications enabled us to successfully close dozens of cases in which key information was stored in deleted Viber and WhatsApp messages.
From our case. Recovering deleted Viber messages
Oxygen Forensic Detective also supports data parsing from Snapchat, Signal, Threema, WickrMe, Telegram and other encrypted messaging apps that are used not only by cheaters, but also by criminals and terrorists.
Last year we were hired by the management of a large Croatian shipbuilding company to determine possible security threats on their mobile phones. We reconstructed connections to unsafe wireless networks and we detected trojan horse viruses on several mobile phones owned by important employees. In order to detect the viruses on the mobile devices we also used Oxygen Forensic Detective and were very pleased with the results.
From our case. By analyzing spyware logs forensic specialists may gain access
to additional information that could be used in an investigation
If I need to analyze extracted data I will definitely use built-in Oxygen Forensic analytical tools. Thanks to them we usually finish our forensic investigations very quickly.
We often analyze a user's activities that happened on the specific day or hour, or communications with a specific person about whom we have only basic information, like a phone number, name or nickname. We've been in situations when we didn't have information about the contacted person but only information that there is intensive communication via WhatsApp or Viber messenger.
This situation at first glance was complicated and we thought it would take hours of work. Actually for identification of the specific person we needed only five minutes and a few mouse clicks. After data extraction and decryption we opened Social Graph and visualized communications in these two messengers. In a few seconds we had an overview of contacts and total number of sent messages. Our clients are often positively shocked when we present the evidence in this effective visual way.
From our case. Social Graph contains information about each
displayed owner, contact's preferable types of communication, the first and
the last date of communications, total time spent talking and number of
messages sent to each other
The second tool which we often use is Timeline, with which we have a complete overview of device activities in one place. Besides messages and chats in applications, calls, web browser activity, Wi-Fi connections history, and photos with time stamps, Timeline also shows the device owner’s locations in a single list which can be visualized in offline Oxygen Forensic Maps. A graphical chart is available to display user activities for selected periods of time, from one second to one year, and to filter them by various parameters.
Everything that I mentioned is available in one place for one price. I haven't found any better price on the market.
Very transparent reports allow even people without professional experience to manage and view extracted information. Now that Oxygen Forensic Viewer is available in a portable format, distribution of projects to our clients (like attorneys or court experts) is made much easier.
In the end of this review, as a private investigator, I strongly recommend Oxygen Forensic Detective to my colleagues and to law enforcement staff because, if you use this software, you will significantly reduce the possibility of missing any key evidence in your investigation.
About the Reviewer
The founder and the agency director is Mr. Miroslav Klarica, LL.M., a licensed detective and an ex-police officer with over 20 years of experience in different fields related to the Republic of Croatia Ministry of the Interior. Detective Agency Mreza is one of the first agencies in Croatia whose activities are spread across all parts of Croatia and all the countries in the region: Bosnia and Herzegovina, Slovenia, Serbia, Montenegro, Kosovo and Macedonia.
We are part of the Croatian Association of Private Detectives (CAPD), as well as International Police Association (IPA), the Croatian section, which was awarded with the Gold Medal for its successful work, contribution, development and promotion of the organization. Also, we are members of several international PI associations: World Association of Detectives (WAD), Council of International Investigators (CII) and World Association of Professional Investigators (WAPI).
About Oxygen Forensic Detective
Oxygen Forensic Detective is a complete mobile forensic solution offering analysis of many different devices, including Chinese devices and encrypted backups. You can find out more here.
Article content received from: Forensic Focus,