Oxygen Forensics Introduces Sony MTK Dump And Face Search Capabilities

Oxygen Forensic Detective 13.3 is now available! Extract evidence from locked Sony MTK devices, acquire Tinder and OkCupid cloud data, analyze application activity in Timeline, conduct face searches, and more.

Sony MTK Dump

Oxygen Forensic® Detective 13.3 implements a new extraction method entitled “Sony MTK Dump”. This method allows investigators to bypass the screen lock and create a full physical dump of Sony devices based on MTK chipsets with Full Disk Encryption (FDE). If Secure Startup is enabled, investigators can use the built-in brute force module to find the user passcode. Supported devices include Sony XA1, Sony L1, Sony L2, and Sony L3.

New Method for Qualcomm Devices

This update also offers a new method of file system extraction for Android devices based on Qualcomm chipsets. If a device is unlocked and has Security Patch Level (SPL) no later than February 2020, investigators can apply a built-in exploit to gain temporary root rights and perform file system acquisition. This method covers multiple devices based on over 25 variations of Qualcomm chipsets running Android OS 7-9.

Video Recordings

In version 12.5, we introduced the ability to make screenshots of Android data via our OxyAgent. Oxygen Forensic® Detective 13.3 enables video recordings in a semi-automated or manual mode. Please note that apps preventing a screen capture (e.g., Telegram, WickreMe, VIPole) are not supported with this new upgrade to OxyAgent.

Search for Similar Faces

Oxygen Forensic® Detective provides investigators with a wide range of built-in analytical and time-saving features. With the release of Oxygen Forensic Detective version 13.3, investigators can conduct searches for specific faces in one or more extractions. To do this, open the Search section and navigate to the Face Sets tab. From there, investigators can create a unique set of reference images by uploading photos of people whom they need to identify in the extraction. Investigators can also adjust the percentage of resemblance. The higher the threshold, the more accurate the results will be. Once the search has completed, investigators will see the search results along with all detailed information (age, emotion, resemblance, etc.) within the interface.

Get The Latest DFIR News

Join the Forensic Focus newsletter for the best DFIR articles in your inbox every month.

Unsubscribe any time. We respect your privacy - read our privacy policy.

Application Activity Analysis

Application activity analysis is often vital for malware detection. With this in mind, we have introduced a new tab, “Application activity”, in the Timeline section. It allows investigators to gain quick insights into the activity of applications extracted from Apple iOS and Android devices as well as computers.

Tinder and OkCupid Cloud Data

The updated Oxygen Forensic® Cloud Extractor brings support for two popular dating apps – Tinder and OkCupid.

Authorization in the Tinder cloud is supported via phone number or Google account. If 2FA is enabled, an investigator will need to enter a code received to the connected email address or phone number. Evidence sets will include the account details, chats, contacts, and matches.

Access to OkCupid is possible via phone number, login/password, or token extracted from Apple iOS and Android devices. If 2FA is needed to proceed, an investigator will need to enter a code received to the connected phone number. OkCupid cloud extraction will contain the account details, chats, contacts, files, and other available data.

New Computer Artifacts

The updated Oxygen Forensic® KeyScout now allows investigators to collect user data from several new apps: Zello, Discord, Element Messenger, and VIPole. Moreover, using the KeyScout, investigators can import and parse file system ZIP archives made from Windows, macOS, or Linux computers. Additionally, we have added the ability to search and collect computer artifacts by most common file extensions. Check the required file extensions in the Settings/Files tab in KeyScout for additional information. Lastly, we have added full support for macOS Big Sur v 11.1.

Support for WiGLE Service

Location information is key to solving many crimes. This release brings support for WiGLE, which allows investigators to receive geo coordinates from extracted MAC addresses. To use this service, register on the WiGLE website and enter the received API token in the Options/Geo Settings menu in Oxygen Forensic® Detective. Once that is complete, investigators will be able to receive geo information in the Wireless Connections section.

Wish to try a new version? Ask for a fully-featured demo license.

Leave a Comment

Latest Videos

This error message is only visible to WordPress admins

Important: No API Key Entered.

Many features are not available without adding an API Key. Please go to the YouTube Feeds settings page to add an API key after following these instructions.

Latest Articles