Oxygen Forensics Advances Brute Force, Decryption, and Analysis Capabilities in Latest Release

Oxygen Forensics, a global leader in digital forensics for law enforcement, federal agencies, and enterprise clients, announced today the release of the latest version of the all-in-one digital forensic solution, Oxygen Forensic® Detective v.15.1. This version offers multiple advancements to increase access to mobile data, as well as improvements to the popular analytic feature, Facial Categorization.

Enhanced support for MTK devices

Oxygen Forensic® Detective v.15.1 brings enhanced support for MTK-based Android devices. Passcode brute force is now supported for Android devices that use TEE Trusty and File-Based Encryption (FBE) and are based on the MT6765 and MT6580 chipsets.

Moreover, our support now covers Android devices that are based on the MT6739 chipset and have TEE Kinibi and Full-Disk Encryption (FDE).

We’ve also added the ability to decrypt images of Xiaomi and Poco devices that are based on the MediaTek MT6769T chipset and use File-Based Encryption (FBE). Supported models include Xiaomi Poco M2, Xiaomi Redmi 9 Global, and Xiaomi Redmi 9 Prime.

Android Keystore extraction from Qualcomm-based devices

We’ve added the ability to extract encryption keys from the Android Keystore on devices based on the following Qualcomm chipsets: MSM8917, MSM8937, MSM8940, and MSM8953.


To use this functionality, select the Qualcomm EDL method in the Oxygen Forensic® Device Extractor. With the extracted encryption keys, Oxygen Forensic® Detective can decrypt data from the Briar, ProtonMail, Silent Phone, and Signal apps.

Other Device Extractor updates

We’ve also included the following extraction updates:

  • Redesigned extraction method for Spreadtrum-based devices. Now this method is available in the new Oxygen Forensic® Device Extractor.
  • Updated the ability to extract data from Discord and added selective Discord chat extraction via Android Agent.
  • Improved the interface of selective iOS data extraction via checkm8, SSH, and iOS Agent.
  • Full extraction support for iPhone 14, iPhone 14 Plus, iPhone 14 Pro, and iPhone 14 Pro Max via iTunes backup procedure.

App support

In Oxygen Forensic® Detective v.15.1, we’ve added support for the following new apps:

  • Briar (Android)
  • AppLock (Android)
  • Default Sound Recorder (Android)
  • FileSafe (Android)
  • Zoho Mail (iOS, Android)
  • JustTalk (iOS)
  • Microsoft Bing (iOS)
  • Shazam (iOS)
  • IRL (iOS)

The total number of supported app versions now exceeds 34,300.

Brute force for additional MainSpace (Huawei)

A Huawei device may have more than one MainSpace (user profile). In Oxygen Forensic® Detective v.15.1, you can brute force passcodes to the second, third, or more profiles in MainSpace. Please note that a passcode brute force is also available for PrivateSpace.

Import of Microsoft Outlook Data Files

You can now import and parse Microsoft Outlook Data Files in the .pst and .ost formats. Select this file format under the “Desktop Data” options and follow the instructions. The parsed evidence set will include emails, contacts, calendars, and tasks.

Import of Snapchat My Data

Oxygen Forensic® Detective v.15.1 allows you to import downloaded Snapchat My Data that can be collected with the “Download My Data” function from Snapchat. The parsed evidence set will include account information, chats, calls, memories, search history, highlights, story views, and more.

We’ve also added support for the latest version of Snapchat Warrant Returns.

Cloud Forensic Updates

We’ve introduced several improvements to Oxygen Forensic® Cloud Extractor:

  • The last view date is now extracted for Google Drive files
  • You can set a path to OCB files in the Account Owner information window
  • We’ve redesigned the Help menu and included new documents

Functionality updates of KeyScout

We’ve improved the software interface and made a number of functional updates to KeyScout:

  • You can now decrypt passwords, tokens, and cookies collected from other user profiles and computer images. Enter the known password in the Passwords tab within the Search settings for data decryption.
  • You can select particular drives and partitions for live extraction.
  • We’ve improved the Search Settings interface by adding detailed descriptions of the system artifacts and memory available for extraction.
  • More detailed information has been added regarding every step of the data collection and saving process.

New and updated computer artifacts

With the updated Oxygen Forensic® KeyScout, you can collect the following new artifacts:

  • Windows Diagnostic Infrastructure (WDI) artifact on Windows
  • System logs on Linux
  • Microsoft To Do app on Windows
  • Mail and Calendar app on Windows

Updated artifact support includes:

  • Most Recently Used (MRU) artifact on Windows
  • WMI persistence artifact on Windows
  • System events artifact on macOS
  • Microsoft Outlook app on Windows
  • Signal app on Windows, macOS, and Linux

Facial Categorization on video frames

In the Files section, we’ve added the ability to categorize faces from video frames. If an extracted video has a face, you can now right-click on a video frame and add it to the Faces section by selecting the “Detect face” option.

Updates in Oxygen Forensic® Viewer

We’ve added support for Project VIC files in Oxygen Forensic® Viewer. You can now:

  • Assign Project VIC categories to images in the Files section
  • Add Project VIC hash sets in the Hash Sets Manager
  • Customize Project VIC categories in the Options menu
