Oxygen Forensic Detective 13.2 is here! Introducing import of Samsung Smart Switch backups, extraction from Evernote and VIPole clouds, improved Facial and Image Recognition, extended checkm8 support, and much more.
Import of Samsung Smart Switch backups
Samsung Smart Switch is used to transfer content between Samsung Galaxy devices. Samsung Smart Switch backups can be created using Samsung Smart Switch on a desktop or with the mobile app.
Oxygen Forensic® Detective 13.2 now enables import, decryption, and parsing of Samsung Smart Switch backups, a great alternative source of evidence from Samsung devices. Currently, decryption is possible with a known password.
Once imported, Samsung backup data will consist of contacts, calls, messages, cached app pictures, apk files, Samsung web browser data, information about Wi-Fi connections, and access points.
By adding import of Samsung Smart Switch backups, Oxygen Forensics has significantly extended its catalog of supported Samsung devices which already included screen lock bypass for Samsung Exynos devices as well as cloud extraction of Samsung backups, Samsung Secure Folder, and Samsung Cloud data.
Acquisition of Android 10 devices
In Oxygen Forensic® Detective 13.1, we introduced file system extraction for pre-rooted Android devices, including those that run Android OS 10 and have File-based encryption.
In Oxygen Forensic® Detective 13.2, we made yet another step forward – now investigators can use the root exploits available in Oxygen Forensic® Extractor to temporally gain root rights and acquire a file system from Android OS 10 devices with FBE. Evidence sets will include not only basic device data but applications as well.
Enhanced OxyAgent utility
We’ve made significant enhancements to our OxyAgent utility this year. Investigators can extract logical data from any unlocked Android device as well as screenshot data and extract evidence from WhatsApp and Signal Messengers.
Oxygen Forensic® Detective’s  Oxygent in 13.2 brings two key enhancements:
- Extraction of all apk files – with this data, investigators can quickly gain insights into what apps were installed on an Android device, including possible malware.
- Extraction of the information about the file system – this includes file name, creation and modification date, size, and path. If a device has root rights, OxyAgent will also extract the information about the files access to which is only possible for rooted devices. This evidence might be used to find suspicious files by hash sets when file content is not of primary importance.
Extended checkm8 support
With every release we extend our checkm8 support. Oxygen Forensic® Detective 13.2 now allows investigators to acquire a full file system and keychain from the following devices running iOS up to 14.3:
- iPhone 6S
- iPhone 6S Plus
- iPhone SE
- iPhone 7
- iPhone 7 Plus
- iPhone 8
- iPhone 8 Plus
- iPhone X
- iPad 5
- iPad 6
- iPad 7
- iPod Touch 7
- iPad mini 4
Moreover, we’ve added support for iPhone 5S devices running iOS 12.2 – 12.5. Please check the full compatibility list in Oxygen Forensic® Extractor under the iOS Advanced Extraction option.
VIPole and Evernote cloud extraction
Two new cloud services were introduced in this update – Evernote and VIPole. In total, Oxygen Forensic® Detective 13.2 enables cloud data extraction from 90 unique cloud services. There is no other company that supports more services.
- VIPole – this app offers secure messaging, video, calls, and sharing for individuals, teams, and enterprises. With the updated Oxygen Forensic® Cloud Extractor, investigators can gain access to contacts, chats, calls, notes, balances, subscriptions, passwords, and other data using the corresponding login credentials or a token.
- Evernote – While primarily designed for notetaking, this app also assists with organization, task management, and archiving. Like VIPole, authorization is available via login credentials or token. Oxygen Forensic® Cloud Extractor will extract account information, notes, chats, contacts, and other available data.
In addition to adding two new cloud services, we have also updated WhatsApp backup decryption via phone number, improved 2FA support for all Google services, added preliminary support for iCloud backups made from Apple iOS 14.3 devices and increased Outlook Mail support.
Extraction of new computer artifacts
The updated Oxygen Forensic® KeyScout allows investigators to collect user data from 5 new apps: Zalo, Pidgin, Gajim, Adium, and Tor Browser. We’ve also updated data collection from WhatsApp Desktop, Viber Desktop, and Firefox. To top that all off, KeyScout gives investigators the option to set time-filters for data collection and choose to extract all the files from Documents, Desktop, and Downloads folders.
Enhanced Image and Facial Recognition
We’ve made two improvements to our built-in Image and Facial Recognition sections:
- Investigators can now automatically categorize extracted maps and QR/Barcodes using our Image Categorization engine. In total, our Image Categorization tool offers 16 categories for data organization, including weapons, drugs, child abuse, nudity, extremism, vehicles, chats, and more.
- Our Facial Recognition engine can now identify people wearing masks, hats, and glasses.
You can ask for a fully-featured demo license here.
