6 Month Checkup At Oxygen Forensics

by

Hard to believe that half the year is already up! Not only has our company been growing month after month but so has our software! Let’s take a look at the fantastic innovations brought to you in Oxygen Forensic® Detective these last six months.Cloud Forensics

This year alone we have added support for 9 new cloud services. Our supported services exceeds any other forensic tool on the market; increasing the total amount of supported cloud services to 69!

Of note, we enhanced our support for Apple iCloud services by offering the ability to acquire Apple Health and Apple Maps data as well as all the logins, passwords, tokens and other artifacts from the iCloud Keychain. Apple Health and keychain can be also directly acquired from Apple iOS devices via logical extraction while Apple Maps can be retrieved only from jailbroken Apple iOS devices and GrayKey images. Apple Maps extraction from iCloud is a fantastic alternative to direct device acquisition.

We have also added the worlds only current ability to extract account information, contacts, chats and calls from the secure Wickr Me Messenger via password or token that can be extracted by our software both in mobile devices and on Windows computers. Wickr Me extraction from the cloud is a great alternative to direct device data acquisition as the Messenger data on mobile devices is heavily encrypted.

We also extended support for travel apps this year and added data extraction from BlaBlaCar and Booking.com services. Since BlaBlaCar drivers and users have already been victims of crimes including murder, drug trafficking, and many others, data extraction from this app was of great importance to our customers.


Get The Latest DFIR News

Join the Forensic Focus newsletter for the best DFIR articles in your inbox every month.


Unsubscribe any time. We respect your privacy - read our privacy policy.

The full list of newly added cloud services can be found in the Oxygen Forensic® Detective interface by going to: Help> What’s New.

Computer Internet Artifacts and KeyScout

We continue to enhance our Oxygen Forensic® KeyScout utility which is available at no additional charge from the Tools menu of Oxygen Forensic® Detective.

Using KeyScout, investigators now have the ability to extract history, bookmarks, autofill forms and cookies from desktop web browsers including Google Chrome, Mozilla Firefox, and Microsoft Edge.

We added the ability to use several different search modes in KeyScout. Full and Optimal search modes offer the ability to extract passwords and tokens from portable web browser and other program versions and programs with non-default installation paths while Fast search mode checks only the default paths.

To make it even better for mobile forensic investigators, our Oxygen Forensic® KeyScout can now find iTunes backups saved on the PC. Investigators should never dismiss iTunes backups because they are often a great source of evidence. Even if the backup is encrypted, we have investigators covered! Our powerful built-in decryption of not only iTunes backups, but Android and more is included at no additional charge.

Finally, we added even more app credential hunting using KeyScout. We now support My Parrot password, Wickr Me token, Booking.Com password, QR token from the latest WhatsApp and so many others.

Mobile Forensics

Mobile device support continues to be our bread and butter. This year we have continued working on decryption algorithms that allow investigators to decrypt Android physical dumps as well as many “secure” apps.

We introduced the ability to extract hardware bound keys and decrypt physical images of the devices based on MediaTek MT6737 chipset even if Secure Startup is enabled. Moreover, we have added the ability to decrypt physical dumps with the known password for Android devices based on Qualcomm Snapdragon MSM8909 chipset.

What’s more, we’ve added support for new Qualcomm chipsets: MSM8909, MSM8916, MSM8952 and MSM8939. As of June 2019, the total amount of supported mobile devices exceeds 29,200!

We have also improved parsing of the latest Huawei backups v.9.1 and HiSuite backups v.9.1. Do not overlook these backups in your investigation because they contain a phenomenal amount of data that includes the most popular applications and other content from the data/data folder.

This year we again lead in application data parsing with the total amount of supported app versions exceeding 10,100!

Thanks to the world leading ability to decrypt encryption keys from the Android KeyStore we were able to introduce complete support for the secure Signal messenger from Android devices. Moreover, we have implemented decryption of CoverMe and Telegram X Messengers. For the full list of supported apps and artifacts go to Help > Supported applications menu of Oxygen Forensic® Detective.

Drone Forensics

We have been supporting DJI drones for some time, however this year we focused on the second market leader – Parrot drones. Within 6 months we managed to introduce Parrot drone data extraction from all possible sources. First, we have added the ability to analyze and visualize the flight data of Parrot drones from flight logs obtained by physical dumps or produced by the FreeFlight Pro mobile app. Second, we introduced the industry’s only ability to extract detailed flight history from My Parrot Cloud via login/password or token found in Apple iOS and Android devices. Third, the data parsing from Freeflight 6 mobile app has been dramatically updated.

But the most significant UAS improvement – now in Oxygen Forensic® JetEngine you can analyze extended technical information about the drone flight that includes drone acceleration, gyroscope, UAS temperature details and other data available in flight logs. Simply amazing for any investigation.

JetEngine and fast data analysis

Last December we introduced our built-in Oxygen Forensic® JetEngine, a 64-bit forensic powerhouse that allows investigators to quickly parse volumes of data and leverage advanced analytical tools to quickly pinpoint evidence. Within the last 6 months it has grown into an unbelievably powerful tool with an enormous amount of useful functions. Among some notable additions include: the ability to view Files and Social Graph Sections for a case, import and parse numerous backups and images including UAS, enhanced Maps with the unique ability to play an animated route showing the direction of travel of the extracted geo coordinates and some amazing new analytical diagrams of collected data.

To help investigators quickly locate data in mobile device extractions we added a new OS Artifacts section where investigators can find the following additional artifacts from Apple iOS jailbroken devices: applications activity, process activity, battery usage, lock state history, Siri activity, etc.

We have also made the integration between Oxygen Forensic® Detective and Oxygen Forensic® JetEngine much smoother. You can now export any Detective extraction to JetEngine just right clicking in the device tree and choosing the Export option.

WHAT TO EXPECT IN THE SECOND PART OF THE YEAR? Many more great features to include our facial recognition and more. Remember, all these great features and additions are available at no additional charge! Stay tuned!

Leave a Comment

Latest Videos

Forensic Focus

Forensic Focus
In this episode of the Forensic Focus podcast, Si and Desi recap the 18th International Conference on Cyber Warfare and Security (ICCWS). Desi shares his top picks of the best talks, which explore a range of topics, from forensic investigations on Github breaches and blockchain forensics to deepfake technology and network forensics on submarines. They also take a look at LockBit ransomware investigations and examine whether or not there has been a resurgence in 'script kiddies'. Show Notes: ICCWS 2024 program: https://docs.google.com/spreadsheets/d/1u_ajyuxeZ5Hi-989nw50KxI5tTMnKPylhg47fVTp9pk ICCWS 2023 papers (including book): https://papers.academic-conferences.org/index.php/iccws

In this episode of the Forensic Focus podcast, Si and Desi recap the 18th International Conference on Cyber Warfare and Security (ICCWS).

Desi shares his top picks of the best talks, which explore a range of topics, from forensic investigations on Github breaches and blockchain forensics to deepfake technology and network forensics on submarines.

They also take a look at LockBit ransomware investigations and examine whether or not there has been a resurgence in 'script kiddies'.

Show Notes:

ICCWS 2024 program: https://docs.google.com/spreadsheets/d/1u_ajyuxeZ5Hi-989nw50KxI5tTMnKPylhg47fVTp9pk

ICCWS 2023 papers (including book): https://papers.academic-conferences.org/index.php/iccws

YouTube Video UCQajlJPesqmyWJDN52AZI4Q_Yh5SwnVkS1k

18th International Conference on Cyber Warfare and Security (ICCWS 2023)

Forensic Focus 29th March 2023 11:22 am

In this episode of the Forensic Focus podcast, Si and Desi explore how artificial intelligence is being leveraged to uncover crucial evidence in investigations involving child sexual abuse material (CSAM) and examine the importance of exercising caution when implementing these tools. They also discuss a recent murder case in which cyber experts played a vital role in securing a conviction, and explore the unique challenges associated with using digital evidence as an alibi. Show Notes: A Practitioner Survey Exploring the Value of Forensic Tools, AI, Filtering, & Safer Presentation for Investigating Child Sexual Abuse Material (CSAM) - https://dfrws.org/wp-content/uploads/2019/06/2019_USA_paper-a_practitioner_survey_exploring_the_value_of_forensic_tools_ai_filtering_safer_presentation_for_investigating_child_sexual_abuse_material_csam.pdf Man charged with NI murder ‘faked live stream to provide alibi’ (The Guardian) - https://www.theguardian.com/uk-news/2023/feb/02/man-charged-with-ni-faked-live-stream-to-provide-alibi A YouTuber accused of murder faked a 6-hour livestream to produce an alibi (Sportskeeda) - https://www.sportskeeda.com/esports/news-a-youtuber-accused-murder-faked-6-hour-livestream-produce-alibi European Interdisciplinary Cybersecurity Conference (EICC) 2023 - https://www.forensicfocus.com/event/european-interdisciplinary-cybersecurity-conference-eicc-2023/#more-493234 YouTuber reportedly faked GTA livestream to have an alibi while he committed murder (Dexerto) - https://www.dexerto.com/entertainment/youtuber-reportedly-faked-gta-livestream-to-have-an-alibi-while-he-committed-murder-2052974/ Forensic Europe Expo - https://www.forensicfocus.com/event/forensic-europe-expo/#more-493225

In this episode of the Forensic Focus podcast, Si and Desi explore how artificial intelligence is being leveraged to uncover crucial evidence in investigations involving child sexual abuse material (CSAM) and examine the importance of exercising caution when implementing these tools.

They also discuss a recent murder case in which cyber experts played a vital role in securing a conviction, and explore the unique challenges associated with using digital evidence as an alibi.

Show Notes:

A Practitioner Survey Exploring the Value of Forensic Tools, AI, Filtering, & Safer Presentation for Investigating Child Sexual Abuse Material (CSAM) - https://dfrws.org/wp-content/uploads/2019/06/2019_USA_paper-a_practitioner_survey_exploring_the_value_of_forensic_tools_ai_filtering_safer_presentation_for_investigating_child_sexual_abuse_material_csam.pdf

Man charged with NI murder ‘faked live stream to provide alibi’ (The Guardian) - https://www.theguardian.com/uk-news/2023/feb/02/man-charged-with-ni-faked-live-stream-to-provide-alibi

A YouTuber accused of murder faked a 6-hour livestream to produce an alibi (Sportskeeda) - https://www.sportskeeda.com/esports/news-a-youtuber-accused-murder-faked-6-hour-livestream-produce-alibi

European Interdisciplinary Cybersecurity Conference (EICC) 2023 - https://www.forensicfocus.com/event/european-interdisciplinary-cybersecurity-conference-eicc-2023/#more-493234

YouTuber reportedly faked GTA livestream to have an alibi while he committed murder (Dexerto) - https://www.dexerto.com/entertainment/youtuber-reportedly-faked-gta-livestream-to-have-an-alibi-while-he-committed-murder-2052974/

Forensic Europe Expo - https://www.forensicfocus.com/event/forensic-europe-expo/#more-493225

YouTube Video UCQajlJPesqmyWJDN52AZI4Q_7QiFTiuY7Vw

AI In CSAM Investigations And The Role Of Digital Evidence In Criminal Cases

Forensic Focus 22nd March 2023 12:44 pm

Throughout the past few years, the way employees communicate with each other has changed forever. 69% of employees note that the number of business applications they use at work has increased during the pandemic. Desk phones, LAN lines and even VOIP have become technologies of the past workplace environment as employees turn to cloud applications on their computers and phones to collaborate with each other in today’s workplace environment. Whether it’s conversations in Teams, file uploads in Slack chats, or confidential documents stored in Office 365, the amount of data stored and where it is stored, is growing quicker than IT and systems administrators can keep up with. Corporate investigators and eDiscovery professionals need to seamlessly collect relevant data from cloud sources and accelerate the time to investigative and discovery review. With the latest in Cellebrite’s remote collection suite of capabilities, investigators and legal professionals can benefit from secure collection with targeted capabilities for the most used workplace applications. Join Monica Harris, Product Business Manager, as she showcases how investigators can: - Manage multiple cloud collections through a web interface - Cull data prior to collection to save time and money by gaining these valuable insights of the data available - Collect data from the fastest growing cloud collaboration applications like Office365, Google Workspace, Slack and Box - Login to a single source for workplace app collection without logging into every app and pulling data from multiple sources for every employee - Utilize a single unified collection workflow for computer, mobile and workplace cloud applications without the need to purchase multiple tools for different types of collections – a solution unique to Cellebrite’s enterprise solution capabilities

Throughout the past few years, the way employees communicate with each other has changed forever.

69% of employees note that the number of business applications they use at work has increased during the pandemic.

Desk phones, LAN lines and even VOIP have become technologies of the past workplace environment as employees turn to cloud applications on their computers and phones to collaborate with each other in today’s workplace environment.

Whether it’s conversations in Teams, file uploads in Slack chats, or confidential documents stored in Office 365, the amount of data stored and where it is stored, is growing quicker than IT and systems administrators can keep up with.

Corporate investigators and eDiscovery professionals need to seamlessly collect relevant data from cloud sources and accelerate the time to investigative and discovery review.

With the latest in Cellebrite’s remote collection suite of capabilities, investigators and legal professionals can benefit from secure collection with targeted capabilities for the most used workplace applications.

Join Monica Harris, Product Business Manager, as she showcases how investigators can:

- Manage multiple cloud collections through a web interface
- Cull data prior to collection to save time and money by gaining these valuable insights of the data available
- Collect data from the fastest growing cloud collaboration applications like Office365, Google Workspace, Slack and Box
- Login to a single source for workplace app collection without logging into every app and pulling data from multiple sources for every employee
- Utilize a single unified collection workflow for computer, mobile and workplace cloud applications without the need to purchase multiple tools for different types of collections – a solution unique to Cellebrite’s enterprise solution capabilities

YouTube Video UCQajlJPesqmyWJDN52AZI4Q_g6nTjfEMnsA

Tips And Tricks Data Collection For Cloud Workplace Applications

Forensic Focus 20th March 2023 12:00 pm

Load More... Subscribe
This error message is only visible to WordPress admins

Important: No API Key Entered.

Many features are not available without adding an API Key. Please go to the YouTube Feed settings page to add an API key after following these instructions.

Latest Articles

Digital Forensics Round-Up, March 30 2023
News

Digital Forensics Round-Up, March 30 2023

ByForensic FocusMar 30, 2023
Detego Global & Hi2 Consulting Host 7th Annual SWE Digital Forensics Conference
News

Detego Global & Hi2 Consulting Host 7th Annual SWE Digital Forensics Conference

ByDetego Digital ForensicsMar 30, 2023
File Analysis And DVR Conversion Training From Amped Software
Reviews

File Analysis And DVR Conversion Training From Amped Software

ByForensic FocusMar 29, 2023
18th International Conference On Cyber Warfare And Security (ICCWS 2023)
Podcast

18th International Conference On Cyber Warfare And Security (ICCWS 2023)

ByForensic FocusMar 29, 2023
Detego Global Teams Up With MH Service To Deliver Free Access To Cutting-Edge DFIR Tools
News

Detego Global Teams Up With MH Service To Deliver Free Access To Cutting-Edge DFIR Tools

ByDetego Digital ForensicsMar 27, 2023
Digital Forensics Round-Up, March 23 2023
News

Digital Forensics Round-Up, March 23 2023

ByForensic FocusMar 23, 2023
Share to...
BufferCopyFlipboardHacker NewsLineLinkedInMessengerMixPinterestPocketPrintRedditSMSTelegramTumblrVKWhatsAppXingYummly