Oxygen Forensic® Detective v.15.0 Increases Its Screen Lock Bypass Capabilities for Xiaomi Devices

Oxygen Forensics, a global leader in digital forensics for law enforcement, federal agencies, and corporate clients, announced today the release of the latest version of the all-in-one digital forensic solution, Oxygen Forensic® Detective v.15.0. This version significantly expands extraction support, grants access to more cloud data, and introduces a new analytic feature for call and message logs.

Screen lock bypass for Xiaomi devices

In Oxygen Forensic® Detective v.15.0, we extend our support for Xiaomi devices with File-Based Encryption (FBE) by adding two more MTK chipsets: Helio G88 (MT6768) and Helio G90T (MT6785).

Oxygen Forensic® Detective extracts hardware keys and allows you to either enter the known password or find it with the built-in brute force module.

Supported devices include Xiaomi Redmi 10 Prime 2022, Xiaomi Redmi 10 Global, Xiaomi Redmi 10 Prime, and Xiaomi Redmi Note 8 Pro.

Android Keystore extraction from Qualcomm-based Huawei devices

We’ve added the ability to extract encryption keys from the Android Keystore from Huawei devices based on the Qualcomm chipsets: MSM8917, MSM8937, and MSM8940.


Get The Latest DFIR News

Join the Forensic Focus newsletter for the best DFIR articles in your inbox every month.


Unsubscribe any time. We respect your privacy - read our privacy policy.

To use this functionality, select the Huawei Qualcomm EDL method in the Oxygen Forensic® Device Extractor. With the extracted encryption keys, Oxygen Forensic® Detective can currently decrypt ProtonMail, Silent Phone, and Signal apps.

Kik Messenger extraction via Android Agent

Now you can quickly collect Kik Messenger contacts as well as private and group chats from any unlocked Android device using Android Agent. It can be installed on a device via USB, WiFi, or OTG device.

Once the acquisition process is finished, the Android Agent extraction can be imported into Oxygen Forensic® Detective for review and analysis.

iOS selective extraction

We’ve enhanced the ability to selectively extract evidence from Apple iOS devices. Previously, only selective extraction was available for the 30 most popular apps. Now you can choose any installed app for extraction. This feature is available for the checkm8, SSH, and iOS Agent extraction methods.

Redesigned SIM card extraction

In this software version, we’ve redesigned the SIM Card extraction method and now it is available in the new Oxygen Forensic® Device Extractor.

App support

In Oxygen Forensic® Detective v.15.0, we’ve added support for the following new apps:

  • Temp Mail (iOS, Android)
  • Phone by Google (Android)
  • Huawei Notes (Android)
  • Calculator# (iOS)
  • Calculator+ (iOS)
  • Bigo Live (iOS)

The total number of supported app versions exceeds 33800.

Updated cloud support

We’ve completely redesigned our support for Box, a popular file-sharing service. Now many new artifacts can be extracted:

  • Contacts
  • Collections
  • Tasks
  • Notifications
  • Notes
  • Sessions
  • Comments to files and notes

We’ve also updated the authorization algorithm for OnlyFans. Now the lists that the account owner follows can be extracted from Twitter.

KeyScout updates

With the updated Oxygen Forensic® KeyScout, you can collect the following new artifacts:

  • list of network connections from volatile memory (Windows)
  • list of loaded modules from volatile memory (Windows)
  • list of open files from volatile memory (Windows)
  • CryptnetURLCache (Windows)
  • WMI persistence (Windows)
  • Stage Manager (macOS 13)

Updated artifact support includes:

  • Microsoft Edge (Windows)
  • Tor Browser (Windows, macOS, and Linux)
  • Calendar, Reminders, Notes, System Events, User Activity (macOS13)

Brute force for Oppo device extractions

Passcode brute force is now available for extractions of Oppo devices based on the MT6765 chipset and having File-Based Encryption. Supported device models include Oppo A16, Oppo A16s, and Oppo A16K.

Semantic Location History parsing

There are two sources of location data in a Google Takeout: Location History file and Semantic Location History files created for every month.

Semantic Location History data can now be fully parsed by Oxygen Forensic® Detective when the Google Takeout file is imported. Semantic Location History files contain detailed information about the account owner’s visited locations and journeys.

Comparison of call and message logs with CDR

Oxygen Forensic® Detective v.15.0 presents a new analysis tool – the ability to compare call and message logs extracted from a device with Call Data Records provided by mobile service providers.

This feature is useful in situations when calls or messages have been manually deleted from a device. Using this comparison tool, you can fill in the gaps and see the complete picture.

To perform the comparison, go to the Timeline section and select the “Compare call and message logs with call data records” option in the Smart Filters. Once you select the devices and CDRs for comparison, the software will show you calls and messages in one list, in chronological order.

Facial Categorization updates

We’ve added two enhancements:

  • In the Files section, you can add a face from a video frame to a face set that can be used to search faces in extracted evidence.
  • We’ve added a multi-thread facial categorization using both CPU and GPU. You can choose a number of threads on the Advanced analytics tab in the software Options menu.

Search in file metadata

You can now run search in file metadata on the Text, Keywords, and RegExp tabs of the Search section. This option is also included in search templates.

 

Leave a Comment

Latest Videos

Digital Forensics News Round Up, February 28 2024 #digitalforensics #dfir

Forensic Focus 29th February 2024 4:58 pm

Digital Forensics News Round-Up, February 21 2024 #digitalforensics #dfir

Forensic Focus 21st February 2024 6:19 pm

Alan Platt, Professional Services Consultant at MSAB, discusses his experience as a former UK police officer working in digital forensics. He talks about the different levels of digital forensics capabilities within police forces and how MSAB products like XAMN and XEC Director are used by frontline officers versus lab analysts. 

The discussion covers how MSAB partners with law enforcement to develop custom workflows for mobile device acquisitions that facilitate ISO compliance. Alan explains MSAB's managed service offering, where approved MSAB staff can remotely access a customer's XEC Director server to assist with software updates and troubleshooting. He emphasizes the strict data segregation policies enforced by customers to prevent MSAB from accessing any sensitive case data.

Looking ahead, Alan mentions MSAB's new CEO and hints at some exciting developments coming down the pipeline. He spotlights recent enhancements to XEC Director's speed and database functionality for managing large estates of networked Kiosks. Alan also plugs the new XEC Director training he created to help users fully leverage the platform's capabilities.

00:00 – Introduction to Alan Platt
07:00 – Training
12:00 – Workflows
17:20 – Ensuring a secure environment
19:45 – Customer training
20:35 – Helping customers comply with ISO accreditation
25:00 – Validation and verification
27:30 – ISO standards
30:00 – MSAB’s pipeline plans
32:40 – XEC Director 
43:45 – Privacy of user data

Alan Platt, Professional Services Consultant at MSAB, discusses his experience as a former UK police officer working in digital forensics. He talks about the different levels of digital forensics capabilities within police forces and how MSAB products like XAMN and XEC Director are used by frontline officers versus lab analysts.

The discussion covers how MSAB partners with law enforcement to develop custom workflows for mobile device acquisitions that facilitate ISO compliance. Alan explains MSAB's managed service offering, where approved MSAB staff can remotely access a customer's XEC Director server to assist with software updates and troubleshooting. He emphasizes the strict data segregation policies enforced by customers to prevent MSAB from accessing any sensitive case data.

Looking ahead, Alan mentions MSAB's new CEO and hints at some exciting developments coming down the pipeline. He spotlights recent enhancements to XEC Director's speed and database functionality for managing large estates of networked Kiosks. Alan also plugs the new XEC Director training he created to help users fully leverage the platform's capabilities.

00:00 – Introduction to Alan Platt
07:00 – Training
12:00 – Workflows
17:20 – Ensuring a secure environment
19:45 – Customer training
20:35 – Helping customers comply with ISO accreditation
25:00 – Validation and verification
27:30 – ISO standards
30:00 – MSAB’s pipeline plans
32:40 – XEC Director
43:45 – Privacy of user data

YouTube Video UCQajlJPesqmyWJDN52AZI4Q_ifoHVkjJtRc

How MSAB Is Managing The Digital Forensics Challenges Of Frontline Policing

Forensic Focus 21st February 2024 3:07 pm

This error message is only visible to WordPress admins

Important: No API Key Entered.

Many features are not available without adding an API Key. Please go to the YouTube Feed settings page to add an API key after following these instructions.

Latest Articles