Oxygen Forensic Detective 13.3 is now available! Extract evidence from locked Sony MTK devices, acquire Tinder and OkCupid cloud data, analyze application activity in Timeline, conduct face searches, and more.
Sony MTK Dump
Oxygen Forensic® Detective 13.3 implements a new extraction method entitled “Sony MTK Dump”. This method allows investigators to bypass the screen lock and create a full physical dump of Sony devices based on MTK chipsets with Full Disk Encryption (FDE). If Secure Startup is enabled, investigators can use the built-in brute force module to find the user passcode. Supported devices include Sony XA1, Sony L1, Sony L2, and Sony L3.
New Method for Qualcomm Devices
This update also offers a new method of file system extraction for Android devices based on Qualcomm chipsets. If a device is unlocked and has Security Patch Level (SPL) no later than February 2020, investigators can apply a built-in exploit to gain temporary root rights and perform file system acquisition. This method covers multiple devices based on over 25 variations of Qualcomm chipsets running Android OS 7-9.
Video Recordings
In version 12.5, we introduced the ability to make screenshots of Android data via our OxyAgent. Oxygen Forensic® Detective 13.3 enables video recordings in a semi-automated or manual mode. Please note that apps preventing a screen capture (e.g., Telegram, WickreMe, VIPole) are not supported with this new upgrade to OxyAgent.
Search for Similar Faces
Oxygen Forensic® Detective provides investigators with a wide range of built-in analytical and time-saving features. With the release of Oxygen Forensic Detective version 13.3, investigators can conduct searches for specific faces in one or more extractions. To do this, open the Search section and navigate to the Face Sets tab. From there, investigators can create a unique set of reference images by uploading photos of people whom they need to identify in the extraction. Investigators can also adjust the percentage of resemblance. The higher the threshold, the more accurate the results will be. Once the search has completed, investigators will see the search results along with all detailed information (age, emotion, resemblance, etc.) within the interface.
Application Activity Analysis
Application activity analysis is often vital for malware detection. With this in mind, we have introduced a new tab, “Application activity”, in the Timeline section. It allows investigators to gain quick insights into the activity of applications extracted from Apple iOS and Android devices as well as computers.
Tinder and OkCupid Cloud Data
The updated Oxygen Forensic® Cloud Extractor brings support for two popular dating apps – Tinder and OkCupid.
Authorization in the Tinder cloud is supported via phone number or Google account. If 2FA is enabled, an investigator will need to enter a code received to the connected email address or phone number. Evidence sets will include the account details, chats, contacts, and matches.
Access to OkCupid is possible via phone number, login/password, or token extracted from Apple iOS and Android devices. If 2FA is needed to proceed, an investigator will need to enter a code received to the connected phone number. OkCupid cloud extraction will contain the account details, chats, contacts, files, and other available data.
New Computer Artifacts
The updated Oxygen Forensic® KeyScout now allows investigators to collect user data from several new apps: Zello, Discord, Element Messenger, and VIPole. Moreover, using the KeyScout, investigators can import and parse file system ZIP archives made from Windows, macOS, or Linux computers. Additionally, we have added the ability to search and collect computer artifacts by most common file extensions. Check the required file extensions in the Settings/Files tab in KeyScout for additional information. Lastly, we have added full support for macOS Big Sur v 11.1.
Support for WiGLE Service
Location information is key to solving many crimes. This release brings support for WiGLE, which allows investigators to receive geo coordinates from extracted MAC addresses. To use this service, register on the WiGLE website and enter the received API token in the Options/Geo Settings menu in Oxygen Forensic® Detective. Once that is complete, investigators will be able to receive geo information in the Wireless Connections section.
Wish to try a new version? Ask for a fully-featured demo license.
