Oxygen Forensic® Detective v.16.0 Introduces Decryption Of VeraCrypt Containers

by

Key features include:

  • APK Downgrade support for Android OS 12 – 13
  • Decryption and extraction of VeraCrypt containers
  • Passcode brute force for Apple Notes and Briar app
  • Cloud extraction of Clubhouse, Bumble, and Google Messages
  • New categories in the Image Categorization engine

For a full list of updates, refer to the “What’s New” file in the Oxygen Forensic® Detective “Options” menu.

Mobile Forensic Updates

Support for Xiaomi Redmi devices

In Oxygen Forensic® Detective v.16.0, we added the ability to extract hardware keys and decrypt physical dumps of Xiaomi devices based on the Qualcomm SDM439 chipset. Xiaomi Redmi 7A, Xiaomi Redmi 8, and Xiaomi Redmi 8A devices running Android OS 7 or higher are now supported.

Extended support for UNISOC-based devices

We also added support for the devices based on the UNISOC T606, T616, T612, and T310 chipsets and running Android OS 10 – 13. Now you can extract hardware keys to decrypt physical dumps of many HTC, Motorola, Nokia, Realme, ZTE, and other devices based on these chipsets.

Enhanced APK Downgrade method

Our APK Downgrade method allows extraction of popular apps by temporarily downgrading app versions so that they are included in the ADB backup. In Oxygen Forensic® Detective v.16.0, we added support for Android OS versions 12 and 13. Now you can extract data from many more Android devices using this method. With our support for WhatsApp, Instagram, Facebook, Twitter, and 40 other supported apps,  you will have access to much more critical evidence.

Samsung Browser extraction via Android Agent

You can now quickly collect Samsung Browser data from any unlocked Android device using our Android Agent. It can be installed on a device via USB, WiFi, or OTG device. Once the acquisition process is finished, the extraction can be imported into Oxygen Forensic® Detective for review and analysis. The evidence set will include saved logins and passwords, history, bookmarks, downloads, and other available data.


Get The Latest DFIR News

Join the Forensic Focus newsletter for the best DFIR articles in your inbox every month.


Unsubscribe any time. We respect your privacy - read our privacy policy.

Enhanced iOS Agent method

We significantly enhanced the ability to extract full file system and keychain via the iOS Agent. Now you can extract them from devices with iOS versions 14.6 – 14.8.1, 15.6 – 15.7.1, and 16.0 – 16.5.

Decryption of Apple Notes and Briar app

We added passcode brute force for encrypted Apple Notes and Briar app.

If an Apple Note is encrypted, you can click the Enter passcode button on the toolbar of the Apple Notes section and brute force the passcode using our various available attacks.

You can now brute force the passcode for Briar app installed on Android devices. This functionality is available in the Full File System extraction method.

New App support

We added support for the following new apps:

  • Threads (Android, iOS)
  • TikTok Lite (Android)
  • TanTan (Android, iOS)
  • 1Password (Android, iOS)

The total number of supported app versions now exceeds 40,000.

Import Updates

In Oxygen Forensic® Detective v.16.0, we added the ability to import the following images:

  • Physical dumps of Xiaomi Redmi 7A/8/8A based on the Qualcomm SDM439 chipset
  • Physical dumps of the UNISOC T606/T616/T612, and T310 chipsets
  • XRY backups of versions 10.3.1 and newer

Additionally, you can now select artifacts to import and analyze from Oxygen Forensic® KeyScout extractions. This is a great time-saving feature as you do not need to import the whole extraction anymore.

Cloud Forensic Updates

Clubhouse data extraction

Launched in 2020, Clubhouse currently has over 10 million weekly active users. The latest Oxygen Forensic® Cloud Extractor enables data extraction from Clubhouse via phone number or token. The extracted data set includes account info, contacts, audio messages and replays, chats, notifications, and information about the houses.

Bumble data extraction

Bumble is another new service added in Oxygen Forensic® Detective v.16.0. Data extraction from this dating app is supported via phone number or token. Extracted evidence will include profile info, contacts, messages, and album photos.

Google Messages extraction

Now you can also extract Google Messages from the cloud. Use a token or scan a QR code with a mobile device to gain access to this cloud service. The evidence set will include information about the account owner, SIM cards, contacts, as well as private and group chats.

With this version, the total number of supported cloud services is now 105.

Computer Artifacts

Deleted files recovery

We added the ability to recover deleted files from FAT16, FAT32, and exFAT file systems. To do so, select the “Recover deleted files” option in the KeyScout Search settings, then select drives and partitions where you want to recover deleted files.

Decryption of VeraCrypt containers

The updated Oxygen Forensic® KeyScout can now extract VeraCrypt encryption keys from Windows RAM. With a found VeraCrypt encryption key drive, partitions and separate file containers can be decrypted.

The key features of this functionality include:

  • Support for standard and hidden containers
  • Detection of drives, partitions, or file containers protected with VeraCrypt
  • Extraction of VeraCrypt encryption keys of any versions
  • Support for all 15 VeraCrypt encryption algorithms

In addition to VeraCrypt encryption keys, drives and partitions can be decrypted with a known password in Oxygen Forensic® KeyScout.

New artifacts

The updated Oxygen Forensic® KeyScout enables users to collect the following new artifacts:

  • Installed Homebrew packages from macOS
  • Shim Cache from Windows
  • The information about permissions that were given to applications on Windows
  • NordVPN from Windows, macOS, and GNU/Linux
  • PureVPN from Windows, macOS, and GNU/Linux
  • VLC Media Player from Windows, macOS, and GNU/Linux
  • A paid version of ViPole from Windows, macOS, and GNU/Linux
  • Telegram stories from macOS

Moreover, weadded decryption of Viber databases from macOS and WhatsApp databases from Windows images.

Data Analysis Updates

We enhanced our analytical sections with two features:

  • New categories are added to the Image Categorization section: medical, meme, offensive gesture, and schematic.
  • A new smart filter now allows showing events before and after those events marked with a particular tag in the Timeline section.

Interested in trying out Oxygen Forensic® Detective v.16.0? Request a free trial.

Leave a Comment

Latest Videos

Forensic Focus

Forensic Focus
In this webinar, David Spreadborough, Forensic Analyst at Amped Software, provides a closer look at those important early stages in investigations involving video evidence. Starting with establishing the integrity of the digital data and evaluating the authenticity of the produced visual image. From demonstrative timelines to speed estimation, the evidential foundations are paramount in every case. Failure to consider these steps and misinterpreting the data can cause unnecessary delays, mistakes, and potentially even miscarriages of justice. Amped FIVE is used to conduct data analysis, file conversion, and assessment of image reliability. Useful links: Amped FIVE - https://ampedsoftware.com/five Video Evidence Principles - https://blog.ampedsoftware.com/2023/0... CCTV Acquisition introduction - https://blog.ampedsoftware.com/2023/0...

In this webinar, David Spreadborough, Forensic Analyst at Amped Software, provides a closer look at those important early stages in investigations involving video evidence. Starting with establishing the integrity of the digital data and evaluating the authenticity of the produced visual image.

From demonstrative timelines to speed estimation, the evidential foundations are paramount in every case.

Failure to consider these steps and misinterpreting the data can cause unnecessary delays, mistakes, and potentially even miscarriages of justice.

Amped FIVE is used to conduct data analysis, file conversion, and assessment of image reliability.

Useful links:

Amped FIVE - https://ampedsoftware.com/five
Video Evidence Principles - https://blog.ampedsoftware.com/2023/0...
CCTV Acquisition introduction - https://blog.ampedsoftware.com/2023/0...

YouTube Video UCQajlJPesqmyWJDN52AZI4Q_dnSPwNdMn5M

Investigating Video: The Vital First Steps

Forensic Focus 8 hours ago

Read more at https://www.forensicfocus.com/news/forensic-focus-digest-may-10-2024/ #dfir #digitalforensics

Read more at https://www.forensicfocus.com/news/forensic-focus-digest-may-10-2024/ #dfir #digitalforensics

YouTube Video UCQajlJPesqmyWJDN52AZI4Q_QVjq2Xu_MQ8

Forensic Focus Digest, May 10 2024 #dfir #digitalforensics

Forensic Focus 10th May 2024 12:43 pm

In this webinar, Jordan Portfleet from the Oxygen Forensic Training Team introduces KeyDiver, a new module integrated into Oxygen Forensic Detective. KeyDiver is designed to find passwords to decrypt various encrypted data sources like BitLocker and FileVault2 encrypted volumes, encrypted ZIP files, Apple Notes, Telegram Desktop app, and more. Jordan provides an in-depth walkthrough of KeyDiver's features and demonstrates how to create different types of brute force attacks like mask attacks, dictionary attacks, and custom password guessing. He explains the various settings available for customizing attacks, managing GPU utilization, monitoring progress, and more. Jordan also shares tips on leveraging additional data sources and social engineering techniques to improve password guessing success rates.

In this webinar, Jordan Portfleet from the Oxygen Forensic Training Team introduces KeyDiver, a new module integrated into Oxygen Forensic Detective.

KeyDiver is designed to find passwords to decrypt various encrypted data sources like BitLocker and FileVault2 encrypted volumes, encrypted ZIP files, Apple Notes, Telegram Desktop app, and more.

Jordan provides an in-depth walkthrough of KeyDiver's features and demonstrates how to create different types of brute force attacks like mask attacks, dictionary attacks, and custom password guessing. He explains the various settings available for customizing attacks, managing GPU utilization, monitoring progress, and more.

Jordan also shares tips on leveraging additional data sources and social engineering techniques to improve password guessing success rates.

YouTube Video UCQajlJPesqmyWJDN52AZI4Q_3hDBpcA9rdw

Oxygen Forensic® KeyDiver

Forensic Focus 9th May 2024 11:08 am

Load More... Subscribe
This error message is only visible to WordPress admins

Important: No API Key Entered.

Many features are not available without adding an API Key. Please go to the YouTube Feeds settings page to add an API key after following these instructions.

Latest Articles

Investigating Video: The Vital First Steps
Webinars

Investigating Video: The Vital First Steps

ByAmpedSoftwareMay 13, 2024
Forensic Focus Digest, May 10 2024
News

Forensic Focus Digest, May 10 2024

ByForensic FocusMay 10, 2024
Oxygen Forensic® KeyDiver
Webinars

Oxygen Forensic® KeyDiver

ByOxygenForensicsMay 9, 2024
Detego Global Announces Webinar To Demonstrate The Powerful New Features Of Detego v4.16
News

Detego Global Announces Webinar To Demonstrate The Powerful New Features Of Detego v4.16

ByDetego Digital ForensicsMay 8, 2024
Digital Forensics Round-Up, May 08 2024
News

Digital Forensics Round-Up, May 08 2024

ByForensic FocusMay 8, 2024
UK Parliamentary Legislation Introduced Against Deepfakes
News

UK Parliamentary Legislation Introduced Against Deepfakes

ByForensic FocusMay 2, 2024