Customizing Password Attacks in Oxygen Forensic Detective

Device screen locks and encryption are some of the most significant challenges law enforcement faces in acquiring data for investigations. With Oxygen Forensic® Detective, however, investigators can bypass screen locks to extract and decrypt crucial evidence from Android devices based on Kirin, Exynos, Qualcomm, MTK, and Spreadtrum chipsets. Thanks to the built-in brute force module that is available at no additional charge, investigators can easily find passcodes to unlock devices and decrypt evidence.

Oxygen Forensic® Detective v.14.0 presents two great enhancements to the brute force module. Let’s have a look at each of them in this article.

Creating custom dictionaries

Investigators can now easily create and manage custom dictionaries for brute-force attacks in one designated location. Our new Passwords Manager tool can be accessed through the Accounts and Passwords section or from the software Options menu. Our Passwords Manager tool accumulates passwords from all the extractions that were performed within the software. Extractions are shown on the left-side panel of the tool.

As mentioned, the Passwords Manager allows investigators to create custom dictionaries for brute-force attacks.

There are several ways an investigator can create a custom password dictionary:


Get The Latest DFIR News

Join the Forensic Focus newsletter for the best DFIR articles in your inbox every month.


Unsubscribe any time. We respect your privacy - read our privacy policy.

  • Use the passwords from the available extractions
  • Upload a dictionary file from a computer in a .txt format
  • Enter passwords manually into the Passwords Manager

Once a new password list is created and named, investigators can select it in the Attack Manager within the brute-force module window. To open the Attack Manager, click the Selected algorithms option in the Enter password window.

Under Passwords lists, investigators can select the appropriate custom dictionary list and begin the password recovery process.

Creating custom attacks

In previous versions of Oxygen Forensic® Detective, investigators were limited to using pre-installed password attacks. With Oxygen Forensic® Detective v.14.0, they have the option to create and apply new attacks using the options available in the Passware Kit Mobile module.

To do this, click the “Add Custom Attack” button in the Attack Manager, name the new attack, and wait for the “Passware Kit Mobile” window to open.

In the Passware Kit Mobile window,  investigators can create basic or grouping attacks. For more information about the supported attacks, read this article on password recovery attacks.

Once a new attack is saved, it will be shown in the Attack Manager and can immediately be used for password recovery in Oxygen Forensic® Detective.

Wish to learn more about our custom dictionaries? Watch our knowledge nugget on them and their use in Oxygen Forensic® KeyScout.

Leave a Comment

Latest Videos

Digital Forensics News Round Up, February 28 2024 #digitalforensics #dfir

Forensic Focus 29th February 2024 4:58 pm

Digital Forensics News Round-Up, February 21 2024 #digitalforensics #dfir

Forensic Focus 21st February 2024 6:19 pm

Alan Platt, Professional Services Consultant at MSAB, discusses his experience as a former UK police officer working in digital forensics. He talks about the different levels of digital forensics capabilities within police forces and how MSAB products like XAMN and XEC Director are used by frontline officers versus lab analysts. 

The discussion covers how MSAB partners with law enforcement to develop custom workflows for mobile device acquisitions that facilitate ISO compliance. Alan explains MSAB's managed service offering, where approved MSAB staff can remotely access a customer's XEC Director server to assist with software updates and troubleshooting. He emphasizes the strict data segregation policies enforced by customers to prevent MSAB from accessing any sensitive case data.

Looking ahead, Alan mentions MSAB's new CEO and hints at some exciting developments coming down the pipeline. He spotlights recent enhancements to XEC Director's speed and database functionality for managing large estates of networked Kiosks. Alan also plugs the new XEC Director training he created to help users fully leverage the platform's capabilities.

00:00 – Introduction to Alan Platt
07:00 – Training
12:00 – Workflows
17:20 – Ensuring a secure environment
19:45 – Customer training
20:35 – Helping customers comply with ISO accreditation
25:00 – Validation and verification
27:30 – ISO standards
30:00 – MSAB’s pipeline plans
32:40 – XEC Director 
43:45 – Privacy of user data

Alan Platt, Professional Services Consultant at MSAB, discusses his experience as a former UK police officer working in digital forensics. He talks about the different levels of digital forensics capabilities within police forces and how MSAB products like XAMN and XEC Director are used by frontline officers versus lab analysts.

The discussion covers how MSAB partners with law enforcement to develop custom workflows for mobile device acquisitions that facilitate ISO compliance. Alan explains MSAB's managed service offering, where approved MSAB staff can remotely access a customer's XEC Director server to assist with software updates and troubleshooting. He emphasizes the strict data segregation policies enforced by customers to prevent MSAB from accessing any sensitive case data.

Looking ahead, Alan mentions MSAB's new CEO and hints at some exciting developments coming down the pipeline. He spotlights recent enhancements to XEC Director's speed and database functionality for managing large estates of networked Kiosks. Alan also plugs the new XEC Director training he created to help users fully leverage the platform's capabilities.

00:00 – Introduction to Alan Platt
07:00 – Training
12:00 – Workflows
17:20 – Ensuring a secure environment
19:45 – Customer training
20:35 – Helping customers comply with ISO accreditation
25:00 – Validation and verification
27:30 – ISO standards
30:00 – MSAB’s pipeline plans
32:40 – XEC Director
43:45 – Privacy of user data

YouTube Video UCQajlJPesqmyWJDN52AZI4Q_ifoHVkjJtRc

How MSAB Is Managing The Digital Forensics Challenges Of Frontline Policing

Forensic Focus 21st February 2024 3:07 pm

This error message is only visible to WordPress admins

Important: No API Key Entered.

Many features are not available without adding an API Key. Please go to the YouTube Feed settings page to add an API key after following these instructions.

Latest Articles