Oxygen Forensic Detective 14.2 Supports Google Warrant Returns and Android GrayKey Images

We are delighted to introduce the latest update of our flagship software, Oxygen Forensic® Detective v.14.2! This new version introduces updated device and cloud acquisition methods, enhanced data import capabilities, and support for many new artifacts.

Enhanced Support for Huawei Kirin Devices

In Oxygen Forensic® Detective v.14.2, we’ve updated the Huawei Dump method that works with Kirin-based devices running Android OS 9 and 10. It now supports Huawei devices with the SPL (Security Patch Level) of May and June 2021. For devices with the updated SPL, we have changed the password brute force algorithm. Now password recovery is done on devices while extracting hardware keys, instead of on a dump. This method works for both device data and PrivateSpace extraction.

Redesigned iTunes Backup Method

We’ve completely redesigned and improved the iTunes backup method that is used for logical data extraction from unlocked Apple iOS devices. This method is now available in the new Device Extractor. Besides the improved GUI, investigators will be able to view more detailed information about the extraction while it occurs.  Furthermore, extractions will be immediately saved in the destination folder that investigators choose. Previously, it was temporarily saved in the default folder on Disk C. For connection, investigators will now need only iTunes, which can be downloaded from the official website or the Microsoft Store.

App Support

In this new release, we lay focus on VPN app parsing. Investigators can now extract evidence from CyberGhost VPN, ZenMate VPN, ExpressVPN, NordVPN, and RusVPN apps. Moreover, Oxygen Forensic® Detective v.14.2 introduces support for Flock, AntonChat, VK Mail and Clubhouse (Android). The total number of supported app versions now exceeds 26,300.

Selective Data Analysis

Oxygen Forensic® Detective v.14.2 introduces a great time-saving feature – Selective Data Analysis. Now, before data import, investigators can select what data to parse for further analysis. To use this feature, select the “Selective Data Analysis” option in the Import Wizard and check the particular apps that need to be parsed. This functionality not only saves an incredible amount of time but also allows investigators to parse only the data required for the current investigation. This feature is supported for iOS, Android, and KaiOS extractions.

Get The Latest DFIR News

Join the Forensic Focus newsletter for the best DFIR articles in your inbox every month.

Unsubscribe any time. We respect your privacy - read our privacy policy.

Google Warrant Returns

Oxygen Forensic® Detective v.14.2 can ingest and parse Google Warrant Returns. Investigators can expect the following evidence set: device details, calendars, GMail contacts, GMail messages, Google Drive, Locations History, and My Activity. This is the 5th type of Warrant Returns that our software can parse. Our other supported returns are for Instagram, Facebook, Twitter, and Snapchat.

Other Import Updates

There are several other import enhancements in Oxygen Forensic® Detective v.14.2. First, we’ve added support for Android GrayKey extractions. Second, investigators can now ingest and parse UFDX files. Finally, we’ve updated our support for the latest versions of Samsung Smart Switch backups.

Cloud Extractor Updates

In response to customer requests, we’ve mainly focused on the update of already supported cloud services. We’ve updated the authorization algorithms for the WhatsApp QR, WhatsApp Cloud, VIPole, Telegram, Foursquare, and Microsoft services. We’ve also updated our support for LinkedIn. Lastly, we’ve redesigned the way extracted emails (IMAP) are shown in Oxygen Forensic® Detective. Now, the analysis of cloud emails will be much easier.

New Computer Artifacts

The updated Oxygen Forensic® KeyScout allows investigators to collect more artifacts on Windows computers:

  • USN (NTFS) journals
  • LogFile (NTFS) journals
  • LNK files from Windows Desktop and other sources
  • TOAST notifications

Additionally,  we’ve added the ability to collect Google Drive data for Desktop from Windows and macOS computers. Investigators can extract files, images, folders, caches, and the list of synchronized devices.

Leave a Comment

Latest Videos

This error message is only visible to WordPress admins

Important: No API Key Entered.

Many features are not available without adding an API Key. Please go to the YouTube Feeds settings page to add an API key after following these instructions.

Latest Articles