Customizing Password Attacks in Oxygen Forensic Detective

Device screen locks and encryption are some of the most significant challenges law enforcement faces in acquiring data for investigations. With Oxygen Forensic® Detective, however, investigators can bypass screen locks to extract and decrypt crucial evidence from Android devices based on Kirin, Exynos, Qualcomm, MTK, and Spreadtrum chipsets. Thanks to the built-in brute force module that is available at no additional charge, investigators can easily find passcodes to unlock devices and decrypt evidence.

Oxygen Forensic® Detective v.14.0 presents two great enhancements to the brute force module. Let’s have a look at each of them in this article.

Creating custom dictionaries

Investigators can now easily create and manage custom dictionaries for brute-force attacks in one designated location. Our new Passwords Manager tool can be accessed through the Accounts and Passwords section or from the software Options menu. It accumulates passwords from all the extractions that were performed within the software, and those extractions are shown in the left-side panel of the tool.

There are several ways an investigator can create a custom password dictionary in the Passwords Manager:

  • Use the passwords from the available extractions
  • Upload a dictionary file from a computer in a .txt format
  • Enter passwords manually into the Passwords Manager

Once a new password list is created and named, investigators can select it in the Attack Manager within the brute-force module window. To open the Attack Manager, click the Selected algorithms option in the Enter password window.

Under Passwords lists, investigators can select the appropriate custom dictionary list and begin the password recovery process.

Creating custom attacks

In previous versions of Oxygen Forensic® Detective, investigators were limited to using pre-installed password attacks. With Oxygen Forensic® Detective v.14.0, they have the option to create and apply new attacks using the options available in the Passware Kit Mobile module.

To do this, click the “Add Custom Attack” button in the Attack Manager, name the new attack, and wait for the “Passware Kit Mobile” window to open.

In the Passware Kit Mobile window, investigators can create basic or grouping attacks. For more information about the supported attacks, read this article on password recovery attacks.

Once a new attack is saved, it will be shown in the Attack Manager and can immediately be used for password recovery in Oxygen Forensic® Detective.

Wish to learn more about our custom dictionaries? Watch our knowledge nugget on them and their use in Oxygen Forensic® KeyScout.
