Oxygen Forensic® Detective v.15.0 Increases Its Screen Lock Bypass Capabilities for Xiaomi Devices

Oxygen Forensics, a global leader in digital forensics for law enforcement, federal agencies, and corporate clients, announced today the release of the latest version of the all-in-one digital forensic solution, Oxygen Forensic® Detective v.15.0. This version significantly expands extraction support, grants access to more cloud data, and introduces a new analytic feature for call and message logs.

Screen lock bypass for Xiaomi devices

In Oxygen Forensic® Detective v.15.0, we extend our support for Xiaomi devices with File-Based Encryption (FBE) by adding two more MTK chipsets: Helio G88 (MT6768) and Helio G90T (MT6785).

Oxygen Forensic® Detective extracts hardware keys and allows you to either enter the known password or find it with the built-in brute force module.

Supported devices include Xiaomi Redmi 10 Prime 2022, Xiaomi Redmi 10 Global, Xiaomi Redmi 10 Prime, and Xiaomi Redmi Note 8 Pro.

Android Keystore extraction from Qualcomm-based Huawei devices

We’ve added the ability to extract encryption keys from the Android Keystore on Huawei devices based on the following Qualcomm chipsets: MSM8917, MSM8937, and MSM8940.

To use this functionality, select the Huawei Qualcomm EDL method in the Oxygen Forensic® Device Extractor. With the extracted encryption keys, Oxygen Forensic® Detective can currently decrypt ProtonMail, Silent Phone, and Signal apps.

Kik Messenger extraction via Android Agent

Now you can quickly collect Kik Messenger contacts as well as private and group chats from any unlocked Android device using Android Agent. It can be installed on a device via USB, WiFi, or an OTG device.

Once the acquisition process is finished, the Android Agent extraction can be imported into Oxygen Forensic® Detective for review and analysis.

iOS selective extraction

We’ve enhanced the ability to selectively extract evidence from Apple iOS devices. Previously, selective extraction was available only for the 30 most popular apps. Now you can choose any installed app for extraction. This feature is available for the checkm8, SSH, and iOS Agent extraction methods.

Redesigned SIM card extraction

In this software version, we’ve redesigned the SIM Card extraction method, and it is now available in the new Oxygen Forensic® Device Extractor.

App support

In Oxygen Forensic® Detective v.15.0, we’ve added support for the following new apps:

  • Temp Mail (iOS, Android)
  • Phone by Google (Android)
  • Huawei Notes (Android)
  • Calculator# (iOS)
  • Calculator+ (iOS)
  • Bigo Live (iOS)

The total number of supported app versions exceeds 33800.

Updated cloud support

We’ve completely redesigned our support for Box, a popular file-sharing service. Now many new artifacts can be extracted:

  • Contacts
  • Collections
  • Tasks
  • Notifications
  • Notes
  • Sessions
  • Comments to files and notes

We’ve also updated the authorization algorithm for OnlyFans. Now the lists that the account owner follows can be extracted from Twitter.

KeyScout updates

With the updated Oxygen Forensic® KeyScout, you can collect the following new artifacts:

  • list of network connections from volatile memory (Windows)
  • list of loaded modules from volatile memory (Windows)
  • list of open files from volatile memory (Windows)
  • CryptnetURLCache (Windows)
  • WMI persistence (Windows)
  • Stage Manager (macOS 13)

Updated artifact support includes:

  • Microsoft Edge (Windows)
  • Tor Browser (Windows, macOS, and Linux)
  • Calendar, Reminders, Notes, System Events, User Activity (macOS 13)

Brute force for Oppo device extractions

Passcode brute force is now available for extractions of Oppo devices based on the MT6765 chipset and having File-Based Encryption. Supported device models include Oppo A16, Oppo A16s, and Oppo A16K.

Semantic Location History parsing

There are two sources of location data in a Google Takeout: the Location History file and the Semantic Location History files, which are created for every month.

Semantic Location History data can now be fully parsed by Oxygen Forensic® Detective when the Google Takeout file is imported. Semantic Location History files contain detailed information about the account owner’s visited locations and journeys.

Comparison of call and message logs with CDR

Oxygen Forensic® Detective v.15.0 presents a new analysis tool – the ability to compare call and message logs extracted from a device with Call Data Records provided by mobile service providers.

This feature is useful in situations when calls or messages have been manually deleted from a device. Using this comparison tool, you can fill in the gaps and see the complete picture.

To perform the comparison, go to the Timeline section and select the “Compare call and message logs with call data records” option in the Smart Filters. Once you select the devices and CDRs for comparison, the software will show you calls and messages in one list, in chronological order.
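An added example, not Oxygen's code or algorithm: one way to do the kind of comparison described above, pairing device and CDR records on type, number and direction within a time tolerance and marking records that appear only in the CDR. The record layout, the 60-second tolerance and the sample records are assumptions made for illustration.

```python
from datetime import datetime, timedelta

# Constructed sample records: (UTC timestamp, kind, other party, direction).
DEVICE_LOG = [
    ("2023-01-10T09:15:02", "call", "+1 555-0100", "out"),
    ("2023-01-10T11:40:30", "sms", "+15550101", "in"),
    ("2023-01-10T13:05:00", "call", "+15550103", "in"),
]
CDR = [
    ("2023-01-10T09:15:00", "call", "15550100", "out"),
    ("2023-01-10T10:02:11", "call", "15550102", "out"),
    ("2023-01-10T11:40:27", "sms", "15550101", "in"),
    ("2023-01-10T12:30:00", "sms", "15550102", "out"),
]

def _parse(rows):
    # Normalise numbers to digits only so "+1 555-0100" equals "15550100".
    return [{"ts": datetime.fromisoformat(t), "kind": k,
             "party": "".join(c for c in p if c.isdigit()), "dir": d}
            for t, k, p, d in rows]

def _same_event(a, b, tolerance):
    return ((a["kind"], a["party"], a["dir"]) == (b["kind"], b["party"], b["dir"])
            and abs(a["ts"] - b["ts"]) <= tolerance)

def compare(device_rows, cdr_rows, tolerance=timedelta(seconds=60)):
    """Return one chronological list; status is both, cdr_only or device_only."""
    unmatched = _parse(device_rows)
    timeline = []
    for rec in _parse(cdr_rows):
        hits = [d for d in unmatched if _same_event(d, rec, tolerance)]
        if hits:
            # Pair with the closest device record, and use it only once.
            unmatched.remove(min(hits, key=lambda d: abs(d["ts"] - rec["ts"])))
            timeline.append({**rec, "status": "both"})
        else:
            # In the provider's records but absent from the device extraction.
            timeline.append({**rec, "status": "cdr_only"})
    timeline += [{**d, "status": "device_only"} for d in unmatched]
    return sorted(timeline, key=lambda r: r["ts"])

if __name__ == "__main__":
    for r in compare(DEVICE_LOG, CDR):
        print(r["ts"].isoformat(), r["kind"], r["dir"], r["party"], r["status"])
```

Device and provider clocks rarely agree to the second, so the tolerance decides whether a record counts as matched or as missing from the device; a tolerance that is too tight reports every record as a gap.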

Facial Categorization updates

We’ve added two enhancements:

  • In the Files section, you can add a face from a video frame to a face set that can be used to search faces in extracted evidence.
  • We’ve added multi-threaded facial categorization using both CPU and GPU. You can choose the number of threads on the Advanced analytics tab in the software Options menu.

Search in file metadata

You can now run a search in file metadata on the Text, Keywords, and RegExp tabs of the Search section. This option is also included in search templates.

