Oxygen Forensic® Detective v.15.5 Introduces Support For Android Devices With UNISOC Chipsets

by

The latest update to our flagship solution is here, Oxygen Forensic® Detective v.15.5!

This version introduces support for Android devices based on the UNISOC T610/T618/T700 chipsets, analysis of drive partitions protected with BitLocker, parsing of Samsung Customization Service and many other features.

Support for the UNISOC T610/T618/T700 Chipsets

In Oxygen Forensic® Detective v.15.5 we’ve added the ability to extract hardware keys and decrypt physical dumps of Android devices based on the UNISOC T610/T618/T700 chipsets, running Android OS 10-13 and having File-Based Encryption (FBE). Please use the Spreadtrum method for these types of extractions. Supported devices include Blackview Tab 15, Digma Pro 1480E 4G, Infinix Hot 12 Play Unisoc T610, Lenovo Tab M10 (3rd Gen), Micromax In 2b, Realme C21Y, Teclast T40 plus, and more.

Support for the MT6761 Chipset

We’ve extended our MTK Android method. Oxygen Forensic® Detective v.15.5 enables extraction of hardware keys and decryption of Android devices based on the MT6761 chipset. Our support covers Xiaomi Poco C50, Xiaomi Redmi A1, Xiaomi Redmi A1+, Honor 8S 2020, Huawei Y5 2019, Huawei Y6 Prime 2019, Xiaomi Redmi 6A, and other models.

Extended Support for Samsung Exynos Devices

Oxygen Forensic® Detective v.15.5 adds support for Samsung Exynos devices having Full-Disk Encryption (FDE) and upgraded to Android OS 10-11. This method offers passcode brute force.


Get The Latest DFIR News

Join the Forensic Focus newsletter for the best DFIR articles in your inbox every month.


Unsubscribe any time. We respect your privacy - read our privacy policy.

Other Device Extractor Updates

Our updated Oxygen Forensic® Device Extractor introduces several other enhancements:

  • Updated extraction of Twitter, Viber, WhatsApp, and WhatsApp Business data via Android Agent.
  • Added keychain extraction via iOS Agent from Apple iOS devices with versions 15.0 – 15.5.
  • Added file system extraction via iOS Agent from Apple iOS devices with versions 15.0 – 15.7.1 and 16.0 – 16.1.2.
  • Added full file system and keychain extraction via checkm8 from Apple iOS devices with version 15.7.5.

App Support

We’ve added support for the following new apps:

  • Hide It Pro (Android)
  • Notepad Vault-AppHider (Android)
  • Notion (Android)
  • Tappsk (Apple iOS)

Moreover, we have added support for a valuable artifact – Samsung Customization Service (com.Samsung.Android.rubin.app). It collects and stores information about the user activity: application usage history, paces, location history, motion history, web history, search history, Wi-Fi connection history, settings, notifications, and events logs.

The total number of supported app versions now exceeds 38,500.

Import of Telegram Exported Data

We’ve added another source for acquiring Telegram data. Now investigators can import and parse Telegram Exported Data files that can be saved using the “Export Telegram Data” option in the Telegram app settings. To import them into our software, click the Downloaded Accounts Data option located on the software Home screen.

Telegram Exported Data files can contain the following information:

  • Account information
  • Contacts
  • Chats
    • Private chats
    • Chats with bots
    • Private channels and groups (only account messages)
    • Public channels and groups (only account messages)
  • Active sessions
  • Attachments
    • Photos
    • Videos
    • Voice messages
    • Video messages
    • Stickers
    • GIF

Cloud Extractor Updates

We’ve added several enhancements to our Cloud Extractor tool:

  • Extraction of Telegram artifacts: reactions, avatars, blocked users, group and channel requests, and Premium account information
  • Updated Facebook data extraction
  • Updated the ability to authorize in Tinder

Learn more about Oxygen Forensic® Cloud Extractor.

Analysis of Drive Partitions Protected with BitLocker

In Oxygen Forensic® Detective v.15.5 we’ve added the ability to analyze drive partitions protected with BitLocker. There are four methods of analysis:

  • If a drive partition is protected and locked, Oxygen Forensic® KeyScout can decrypt it with a known password or BitLocker recover key.
  • If a drive partition is protected and locked, Oxygen Forensic® KeyScout can also decrypt it with a FVEK (Full Volume Encryption Key) or a VMK (Volume Master Key) extracted from RAM memory.
  • If a drive partition is protected, but protectors are deleted or disabled, Oxygen Forensic® KeyScout detects this state and automatically decrypts the drive.
  • If a drive partition is protected but unlocked during the Oxygen Forensic® KeyScout work, investigators can use Oxygen Forensic® KeyScout to decrypt it or use the OS API to find data in a decrypted logical drive.

Analysis of Hibernation Files

Investigators can now analyze hibernation files that show the state of the machine before hibernation. These files might include recent processes, malware analysis, a list of open apps, information regarding open apps, internet history, media such as videos, photos, passwords, geolocation information, and timestamps.

New and Updated Artifacts

With the updated Oxygen Forensic® KeyScout, users can collect the following new artifacts:

  • Known network connections from Windows
  • Saved pop-up notifications from macOS
  • Briar data from Windows and Linux
  • Notepad++ from Windows and Linux
  • Information about the installed Debian Package/Advanced Packaging Tool packages from Linux

Updated artifact support includes:

  • User credentials from Windows Credential Manager
  • Telegram data from macOS

Learn more about Oxygen Forensic® KeyScout.

Interested in trying out Oxygen Forensic® Detective v.15.5? Request a free trial.

Leave a Comment

Latest Videos

Forensic Focus

Forensic Focus
In this Oxycast webinar, Ryan, from the Oxygen Forensic Training team, discusses the evolution and impact of dating apps, with a focus on forensic analysis. Ryan also demonstrates how you can analyze popular dating applications using the Oxygen Forensic Detective software.

In this Oxycast webinar, Ryan, from the Oxygen Forensic Training team, discusses the evolution and impact of dating apps, with a focus on forensic analysis. Ryan also demonstrates how you can analyze popular dating applications using the Oxygen Forensic Detective software.

YouTube Video UCQajlJPesqmyWJDN52AZI4Q_90k-LHOjmcE

Dating Application Analysis

Forensic Focus 68 views 30th May 2023 12:07 pm

In this episode of the Forensic Focus podcast, Desi and Si discuss different online programming courses and what they think about the popular platform, Udemy. They also talk about Flipper, Dev boards, and Raspberry Pi, and delve into the fascinating phenomenon of running the classic game Doom on unlikely devices. Throughout the episode, Desi and Si share their digital forensics expertise, referencing some of the cases they have been working on and highlighting particular methodologies and technologies that have an impact on cybersecurity. Show Notes: 100 Days of Code: The Complete Python Pro Bootcamp for 2023 - https://www.udemy.com/course/100-days-of-code/ Domestika - https://www.domestika.org/en MIT OpenCourseWare - https://www.youtube.com/@mitocw MasterClass - https://www.masterclass.com/ Raspberry Pi 400 Complete Kit - https://core-electronics.com.au/raspberry-pi-400-kit.html Flipper Discord - https://discord.com/invite/flipper Flipper Zero - https://flipperzero.one/ This Programmer Figured Out How to Play Doom on a Pregnancy Test - https://www.popularmechanics.com/science/a33957256/this-programmer-figured-out-how-to-play-doom-on-a-pregnancy-test/ Here’s a dude playing Doom Eternal on his fridge - https://www.polygon.com/2020/10/13/21514933/doom-eternal-refrigerator-door-samsung-smart-refrigerator-xbox-game-pass-richard-mallard Doom hacker gets Doom running in Doom - https://www.pcgamer.com/doom-hacker-gets-doom-running-in-doom/ Doom Running On A Calculator Powered By Old Potatoes - https://kotaku.com/doom-running-on-a-calculator-powered-by-old-potatoes-1845374069 GoldenEra - https://www.imdb.com/title/tt11753760/ Racing the Beam - https://en.wikipedia.org/wiki/Racing_the_Beam High Score (TV series) - https://en.wikipedia.org/wiki/High_Score_(TV_series) Microcontroller Courses (Udemy) - https://www.udemy.com/topic/microcontroller/ The story of Final Fantasy XIV’s renegade do-good modders - https://www.pcgamesn.com/final-fantasy-xiv/ffxiv-modders-renegade-do-gooders Logical fallacies - https://yourlogicalfallacyis.com/

In this episode of the Forensic Focus podcast, Desi and Si discuss different online programming courses and what they think about the popular platform, Udemy. They also talk about Flipper, Dev boards, and Raspberry Pi, and delve into the fascinating phenomenon of running the classic game Doom on unlikely devices.

Throughout the episode, Desi and Si share their digital forensics expertise, referencing some of the cases they have been working on and highlighting particular methodologies and technologies that have an impact on cybersecurity.

Show Notes:

100 Days of Code: The Complete Python Pro Bootcamp for 2023 - https://www.udemy.com/course/100-days-of-code/

Domestika - https://www.domestika.org/en

MIT OpenCourseWare - https://www.youtube.com/@mitocw

MasterClass - https://www.masterclass.com/

Raspberry Pi 400 Complete Kit - https://core-electronics.com.au/raspberry-pi-400-kit.html

Flipper Discord - https://discord.com/invite/flipper

Flipper Zero - https://flipperzero.one/

This Programmer Figured Out How to Play Doom on a Pregnancy Test - https://www.popularmechanics.com/science/a33957256/this-programmer-figured-out-how-to-play-doom-on-a-pregnancy-test/

Here’s a dude playing Doom Eternal on his fridge - https://www.polygon.com/2020/10/13/21514933/doom-eternal-refrigerator-door-samsung-smart-refrigerator-xbox-game-pass-richard-mallard

Doom hacker gets Doom running in Doom - https://www.pcgamer.com/doom-hacker-gets-doom-running-in-doom/

Doom Running On A Calculator Powered By Old Potatoes - https://kotaku.com/doom-running-on-a-calculator-powered-by-old-potatoes-1845374069

GoldenEra - https://www.imdb.com/title/tt11753760/

Racing the Beam - https://en.wikipedia.org/wiki/Racing_the_Beam

High Score (TV series) - https://en.wikipedia.org/wiki/High_Score_(TV_series)

Microcontroller Courses (Udemy) - https://www.udemy.com/topic/microcontroller/

The story of Final Fantasy XIV’s renegade do-good modders - https://www.pcgamesn.com/final-fantasy-xiv/ffxiv-modders-renegade-do-gooders

Logical fallacies - https://yourlogicalfallacyis.com/

YouTube Video UCQajlJPesqmyWJDN52AZI4Q_5f72B6DD5wk

Programming Languages, Flipper And Gaming

Forensic Focus 72 views 24th May 2023 11:43 am

In this episode of the Forensic Focus podcast, Si and Desi talk to Mackenzie Jackson, Developer Advocate at Git Guardian. Mackenzie discusses the problem of hard-coded and leaked credentials in Git repositories, the task of scanning Git repositories for leaked credentials, and how that’s helped by the setup of GitHub and Git. He also looks at some public and private cases of security breaches through Git repositories and recommends tools you can use to combat attackers on Git. Show Notes: Toyota Suffered a Data Breach by Accidentally Exposing A Secret Key Publicly On GitHub (GitGuardian) - https://blog.gitguardian.com/toyota-accidently-exposed-a-secret-key-publicly-on-github-for-five-years/ GitHub.com rotates its exposed private SSH key (Bleeping Computer) - https://www.bleepingcomputer.com/news/security/githubcom-rotates-its-exposed-private-ssh-key/ Conpago - https://www.conpago.com.au/ Source Code as a Vulnerability - A Deep Dive into the Real Security Threats From the Twitch Leak (GitGuardian) - https://blog.gitguardian.com/security-threats-from-the-twitch-leak/ Teenagers Leveraging Insider Threats: Lapsus$ Hacker Group (Forbes) - https://www.forbes.com/sites/emilsayegh/2023/03/15/teenagers-leveraging-insider-threats-lapsus-hacker-group Lapsus$: Oxford teen accused of being multi-millionaire cyber-criminal (BBC) - https://www.bbc.co.uk/news/technology-60864283 Dynamic Secrets (HashiCorp) - https://developer.hashicorp.com/vault/tutorials/getting-started/getting-started-dynamic-secrets Crappy code, crappy Copilot. GitHub Copilot is writing vulnerable code and it could be your fault (GitGuardian) - https://blog.gitguardian.com/crappy-code-crappy-copilot/ trufflesecurity/trufflehog (GitHub) - https://github.com/trufflesecurity/trufflehog gitleaks/gitleaks (GitHub) - https://github.com/gitleaks/gitleaks Git (Wikipedia) - https://en.wikipedia.org/wiki/Git awslabs/git-secrets (GitHub) - https://github.com/awslabs/git-secrets

In this episode of the Forensic Focus podcast, Si and Desi talk to Mackenzie Jackson, Developer Advocate at Git Guardian.

Mackenzie discusses the problem of hard-coded and leaked credentials in Git repositories, the task of scanning Git repositories for leaked credentials, and how that’s helped by the setup of GitHub and Git.

He also looks at some public and private cases of security breaches through Git repositories and recommends tools you can use to combat attackers on Git.

Show Notes:

Toyota Suffered a Data Breach by Accidentally Exposing A Secret Key Publicly On GitHub (GitGuardian) - https://blog.gitguardian.com/toyota-accidently-exposed-a-secret-key-publicly-on-github-for-five-years/

GitHub.com rotates its exposed private SSH key (Bleeping Computer) - https://www.bleepingcomputer.com/news/security/githubcom-rotates-its-exposed-private-ssh-key/

Conpago - https://www.conpago.com.au/

Source Code as a Vulnerability - A Deep Dive into the Real Security Threats From the Twitch Leak (GitGuardian) - https://blog.gitguardian.com/security-threats-from-the-twitch-leak/

Teenagers Leveraging Insider Threats: Lapsus$ Hacker Group (Forbes) - https://www.forbes.com/sites/emilsayegh/2023/03/15/teenagers-leveraging-insider-threats-lapsus-hacker-group

Lapsus$: Oxford teen accused of being multi-millionaire cyber-criminal (BBC) - https://www.bbc.co.uk/news/technology-60864283

Dynamic Secrets (HashiCorp) - https://developer.hashicorp.com/vault/tutorials/getting-started/getting-started-dynamic-secrets

Crappy code, crappy Copilot. GitHub Copilot is writing vulnerable code and it could be your fault (GitGuardian) - https://blog.gitguardian.com/crappy-code-crappy-copilot/

trufflesecurity/trufflehog (GitHub) - https://github.com/trufflesecurity/trufflehog

gitleaks/gitleaks (GitHub) - https://github.com/gitleaks/gitleaks

Git (Wikipedia) - https://en.wikipedia.org/wiki/Git

awslabs/git-secrets (GitHub) - https://github.com/awslabs/git-secrets

YouTube Video UCQajlJPesqmyWJDN52AZI4Q_BX15Z_xF8mA

Preventing Data Leaks With Git Guardian

Forensic Focus 72 views 3rd May 2023 11:07 am

Load More... Subscribe

Latest Articles

ADF Solutions Announces Sponsorship And Speaking Session At Techno Security East
News

ADF Solutions Announces Sponsorship And Speaking Session At Techno Security East

ByadfsolutionsJun 6, 2023
Why DFIR Is The New Frontier Of Cybersecurity
News

Why DFIR Is The New Frontier Of Cybersecurity

ByBinalyzeJun 5, 2023
Magnet Forensics Now Offering Training In New Online Self-Paced Microlearning Format
News

Magnet Forensics Now Offering Training In New Online Self-Paced Microlearning Format

ByMagnetForensicsJun 2, 2023
Digital Forensics Round-Up, June 01 2023
News

Digital Forensics Round-Up, June 01 2023

ByForensic FocusJun 1, 2023
Analysing Dating Apps Using Oxygen Forensic Detective
Articles

Analysing Dating Apps Using Oxygen Forensic Detective

ByOxygenForensicsMay 31, 2023
Event Recap: Forensics Europe Expo (FEE) 2023
Event Info & Recaps

Event Recap: Forensics Europe Expo (FEE) 2023

ByForensic FocusMay 30, 2023
Share to...
BufferCopyFlipboardHacker NewsLineLinkedInMessengerMixPinterestPocketPrintRedditSMSTelegramTumblrVKWhatsAppXingYummly