Oxygen Forensics Innovations Of 2019

Where has the year gone! 2019 is coming to a close, but it is not too late to take a look back at all our innovative and industry leading features we’ve brought to our users this year.

To start with, it goes without saying that the redesigned, reengineered and powerfully enhanced version of Oxygen Forensic® Detective 12.0 was released. The update brought to market the first mobile and cloud tool built to deal with the massive amount of data investigators handle daily. Its key features include second-to-none data parsing and decoding speed, a multi-tab interface, detailed analytics for every app (Timeline, Social Graph and Chats View), a convenient tag manager and so much more! Let’s take a look at what else was delivered to revolutionize the industry.

Mobile data

LOCKED DEVICE SUPPORT. This year we have added the ability to conduct physical extractions of Android devices based on the following new chipsets: Qualcomm MSM8909, MSM8916, MSM8952, and MSM8939. Our cutting-edge screen lock and signature bypass method supports a wide range of Qualcomm chipsets and works on 500+ Android devices from 26 different manufacturers.

PHYSICAL IMAGE DECRYPTION. Oxygen Forensic® Detective gave investigators a universal method to help bypass screen locks and disk encryption (no matter if it is software or hardware) to extract a physical dump of Android devices based on Mediatek chipsets.

We’ve also implemented the powerful ability to decrypt Android physical images using hardware-backed keys and user passwords. Supported chipsets are MTK 6737 and Qualcomm MSM8916, MSM8939, MSM8909, MSM8952, MSM8917, MSM8937, MSM8940, MSM8953.




BACKUP SUPPORT. Supporting the most device backups in the industry, we would be remiss if we did not mention our support for Huawei backups that contain a phenomenal amount of app data. To add to this support we fine-tuned and imported the parsing and decryption of the latest Huawei and HiSuite backups.

NEW DEVICE AND OS SUPPORT. Oxygen Forensic® Detective brought the industry’s only support for Jio phones, a feature phone marketed by the Jio company headquartered in India. Our support covers all three sources of data: mobile devices via physical extraction, cloud and computer artifact collection. In Oxygen Forensic® Detective we have also added support for KaiOS, a mobile operating system based on Linux. Our customers have stated they are seeing more and more devices using KaiOS, and there is no match in the industry for our support!

DATA PARSING. Oxygen Forensic® Detective now extracts and decrypts all the available encryption keys (e.g. for Signal, Threema, Amazon) from the Android KeyStore. By regularly updating our parsing and decryption support for CoverMe, Threema, Telegram, Wickr and other secure messengers we prove once again why we are leaders in app support. The total number of supported app versions now exceeds 13,000. A great addition to this support is our new OS Artifacts section, where you can find device logs as well as Screen Time information from Apple iOS devices.

Cloud data

NEW CLOUD SERVICES. This year we have added support for 17 more cloud services, bringing our overall supported services to 77, more than any company in the industry. Supported services include Apple Health, Apple Maps, iCloud Keychain, Microsoft Outlook, BlaBlaCar, LinkedIn, WhatsApp, Line and so many others. Even better, we have added the ability to extract and decrypt data from the secure WickrMe Messenger via username/password or token and also access TamTam Messenger data via phone number or token. Our support of the TamTam Messenger was critical to support our customers’ ability to combat terrorism around the globe.

FAST QR CODE METHOD. Last year we introduced the world’s only method of fast WhatsApp data extraction via QR token. This year we continued adding cloud services supported via QR code technology. Now, if you have an unlocked device, you can extract Viber and Line Messenger data just by scanning a QR code in our Cloud Extractor. Complete messenger data is extracted and available in Oxygen Forensic Detective within minutes!

Computer artifacts

Oxygen Forensic® KeyScout has progressed into a very powerful utility for investigators. One of its main features, of course, is the ability to run and collect data on 3 different operating systems – Windows OS, MacOS and Linux. The amount of collected data is staggering, to say the least, and includes email extraction from all of the most popular email clients, various Web Browsers and Messengers as well as valuable login credentials and tokens. Simply copy the KeyScout utility to a flash drive from within Oxygen Forensic® Detective, run it on the subject’s computer, and then import the collected user data to Oxygen Forensic® Detective and the collected credentials (usernames, passwords, tokens) to Oxygen Forensic Cloud Extractor for further cloud data extraction.

Drone data

PARROT DRONE SUPPORT. This year we introduced another UAS solution with the all-in-one support for Parrot drones. Investigators can import and parse Parrot’s flight logs extracted from either an installed mobile app or a drone physical dump. The parsed data includes geo coordinates, timestamps and metadata that includes altitude, velocity, ground speed, Wi-Fi signal, battery level, current satellite numbers, and more. Also, Oxygen Forensic® Detective delivered groundbreaking technology to extract complete flight history data from the My Parrot Cloud via login/password or token.

EXTENDED DJI DRONE SUPPORT. Our current version also enables you to parse additional technical data about the DJI drone flight, like drone acceleration, gyroscope and temperature details, to name a few. The extracted flight history of Parrot and DJI drones and all the technical parameters can be visualized within our built-in Maps.

Data analysis

This year we have added two powerful analytical features that are included for our current and licensed customers: image categorization and facial recognition.

IMAGE CATEGORIZATION. Oxygen Forensic® Detective now offers the ability to detect, analyze, and categorize images into twelve different categories. Currently included categories are: pornography, extremism, graphic violence, drugs, alcohol, weapons, gambling, child abuse, documents, currency, risque, and identification documents. Our image categorization can be initiated when importing device data or on already imported extractions. In both instances, you can select the categories you would like to search during analysis of images and fine-tune the positive “hit” settings by setting identification thresholds in the Options/Advanced analytics menu. After running the image analysis, the number of matching images for each supported category is tagged and shown in the Key Evidence and Files sections.

FACIAL RECOGNITION. Oxygen Forensics now offers the most innovative and powerful ability to allow investigators to categorize human faces using built-in facial recognition technology. The unique features of the built-in facial recognition component include industry leading accuracy (as measured by the NIST), detailed face analytics (gender, race, emotion, etc.), immediate categorization and matching (5 faces/second) and working with huge volumes of data.

SOCIAL GRAPH ENHANCEMENTS. We have added several enhancements to our Social Graph. It is now possible to define the shortest path between selected contacts (by default up to 5 intermediaries). That allows investigators to visually see that the device owner did not speak directly to someone, but spoke to a contact, who spoke to another, who then spoke to the identified target.

DEVICE STATISTICS SECTION. Oxygen Forensic® Detective now has an enhanced new device statistics section that shows detailed statistics about an extraction or imported image: Top 10 applications with the greatest number of communications, Top 10 groups, Top 10 contacts, Last contacted, Key Evidence with tags and notes. This is a great place to start any mobile forensic investigation.

LOAD FILE FORMAT SUPPORT. Wish to analyze extracted data in Relativity software or other eDiscovery software? Now you can export contacts, calls, messages and files extracted in our software to not only the Relativity format, but change/add delimiters easily in our settings to support other platforms. Now Oxygen Forensic Detective can be a part of your EDRM process.
