Customizing Password Attacks in Oxygen Forensic Detective

Device screen locks and encryption are some of the most significant challenges law enforcement faces in acquiring data for investigations. With Oxygen Forensic® Detective, however, investigators can bypass screen locks to extract and decrypt crucial evidence from Android devices based on Kirin, Exynos, Qualcomm, MTK, and Spreadtrum chipsets. Thanks to the built-in brute force module that is available at no additional charge, investigators can easily find passcodes to unlock devices and decrypt evidence.

Oxygen Forensic® Detective v.14.0 presents two great enhancements to the brute force module. Let’s have a look at each of them in this article.

Creating custom dictionaries

Investigators can now easily create and manage custom dictionaries for brute-force attacks in one designated location. Our new Passwords Manager tool can be accessed through the Accounts and Passwords section or from the software Options menu. Our Passwords Manager tool accumulates passwords from all the extractions that were performed within the software. Extractions are shown on the left-side panel of the tool.

As mentioned, the Passwords Manager allows investigators to create custom dictionaries for brute-force attacks.

There are several ways an investigator can create a custom password dictionary:


Get The Latest DFIR News!

Join the Forensic Focus newsletter for the best DFIR articles in your inbox every month.


Unsubscribe any time. We respect your privacy - read our privacy policy.

  • Use the passwords from the available extractions
  • Upload a dictionary file from a computer in a .txt format
  • Enter passwords manually into the Passwords Manager

Once a new password list is created and named, investigators can select it in the Attack Manager within the brute-force module window. To open the Attack Manager, click the Selected algorithms option in the Enter password window.

Under Passwords lists, investigators can select the appropriate custom dictionary list and begin the password recovery process.

Creating custom attacks

In previous versions of Oxygen Forensic® Detective, investigators were limited to using pre-installed password attacks. With Oxygen Forensic® Detective v.14.0, they have the option to create and apply new attacks using the options available in the Passware Kit Mobile module.

To do this, click the “Add Custom Attack” button in the Attack Manager, name the new attack, and wait for the “Passware Kit Mobile” window to open.

In the Passware Kit Mobile window,  investigators can create basic or grouping attacks. For more information about the supported attacks, read this article on password recovery attacks.

Once a new attack is saved, it will be shown in the Attack Manager and can immediately be used for password recovery in Oxygen Forensic® Detective.

Wish to learn more about our custom dictionaries? Watch our knowledge nugget on them and their use in Oxygen Forensic® KeyScout.

Leave a Comment

Latest Videos

Magnet Forensics' Matt Suiche on the Rise of e-Crime and Info Stealers

Forensic Focus 12th January 2023 3:00 am

Just like your current holiday shopping for last minute presents a lot of the good stuff has gone off the shelves already. You reach to the back and find the toy nobody really wanted but it’s the thought that counts, you stare down at Si and Desi’s Holiday Special 2022 podcast. 

Please join these two as they lament over the year that was, discuss all the things they didn’t do but promise they will do them next year, query whether putting a NAS in the storage of a roller door is a good idea, and finally arrive at what they’re looking forward to bringing you in the new year.

Show Notes:

Arduino PLC IDE - https://docs.arduino.cc/software/plc-ide
Mycroft Mark II (open source Alexa) - https://www.kickstarter.com/projects/aiforeveryone/mycroft-mark-ii-the-open-voice-assistant
Christa’s new blog - https://christammiller.com/
Si’s holiday reading - https://amzn.to/3iJyGrR
Desi’s holiday reading -  https://inteltechniques.com/
Strange event for the end of the year - https://www.reuters.com/world/europe/25-suspected-members-german-far-right-group-arrested-raids-prosecutors-office-2022-12-07/
Si’s wishful thinking - https://www.youtube.com/watch?v=GXnRgXclLd0
Si’s list to do before the EOY - https://intrepidcamera.co.uk/products/intrepid-4x5-camera
Desi’s list to do before EOY - https://www.wired.com/story/how-to-reset-your-phone-before-you-sell-it/
“Cleaning your office” - https://www.manfrotto.com/uk-en/vintage-collapsible-1-5-x-2-1m-ink-sage-ll-lb5720/
Conference recorder - https://amzn.to/3UBmre5
Desi’s blog - https://www.hardlyadequate.com/

Just like your current holiday shopping for last minute presents a lot of the good stuff has gone off the shelves already. You reach to the back and find the toy nobody really wanted but it’s the thought that counts, you stare down at Si and Desi’s Holiday Special 2022 podcast.

Please join these two as they lament over the year that was, discuss all the things they didn’t do but promise they will do them next year, query whether putting a NAS in the storage of a roller door is a good idea, and finally arrive at what they’re looking forward to bringing you in the new year.

Show Notes:

Arduino PLC IDE - https://docs.arduino.cc/software/plc-ide
Mycroft Mark II (open source Alexa) - https://www.kickstarter.com/projects/aiforeveryone/mycroft-mark-ii-the-open-voice-assistant
Christa’s new blog - https://christammiller.com/
Si’s holiday reading - https://amzn.to/3iJyGrR
Desi’s holiday reading - https://inteltechniques.com/
Strange event for the end of the year - https://www.reuters.com/world/europe/25-suspected-members-german-far-right-group-arrested-raids-prosecutors-office-2022-12-07/
Si’s wishful thinking - https://www.youtube.com/watch?v=GXnRgXclLd0
Si’s list to do before the EOY - https://intrepidcamera.co.uk/products/intrepid-4x5-camera
Desi’s list to do before EOY - https://www.wired.com/story/how-to-reset-your-phone-before-you-sell-it/
“Cleaning your office” - https://www.manfrotto.com/uk-en/vintage-collapsible-1-5-x-2-1m-ink-sage-ll-lb5720/
Conference recorder - https://amzn.to/3UBmre5
Desi’s blog - https://www.hardlyadequate.com/

YouTube Video UCQajlJPesqmyWJDN52AZI4Q_BhrBg5_sAKo

Si and Desi Holiday Special 2022

Forensic Focus 16th December 2022 12:00 am

This error message is only visible to WordPress admins

Important: No API Key Entered.

Many features are not available without adding an API Key. Please go to the YouTube Feed settings page to add an API key after following these instructions.

Latest Articles

Share to...