Oxygen Forensics Now Offers Image Categorization And TamTam Cloud Extraction

Oxygen Forensics, a global leader in digital forensics for law enforcement, federal, and corporate clients, today announced that their flagship software, Oxygen Forensic Detective 12.1, will bring image categorization and grouping, allowing investigators to use AI to sort and categorize images into twelve categories, including drugs, weapons, alcohol, and nudity, to more quickly find images pertinent to an investigation. The latest update also includes TamTam Messenger extraction capabilities, following the breaking news that as of early December 2019, it is suspected TamTam is the new, preferred communication service for ISIS supporters. Now Oxygen Forensic Detective 12.1 will allow investigators to extract chats, calls, contacts, and other information from the TamTam cloud.

IMAGE CATEGORIZATION

The task of identifying illicit images in either a criminal or civil investigation is extremely time-consuming, often comparable to looking for a needle in a haystack. A single case can easily contain thousands of images, many of which are not relevant to the investigation. A manual examination of these images, even within a thumbnail gallery, can take days when the average investigator can only review a few thousand images per hour.

Oxygen Forensic® Detective 12.1 now offers the powerful ability to detect, analyze, and categorize images from twelve different categories. This innovative feature is available at no additional charge to all licensed users. Currently included categories are: pornography, extremism, graphic violence, drugs, alcohol, weapons, gambling, child abuse, documents, currency, risque, and identification documents.

Our image categorization can be initiated when importing device data or on already imported extractions. In both instances, you can select the categories you would like to search during analysis of images and also fine-tune the positive “hit” settings by setting identification thresholds in the Options/Advanced analytics menu in Oxygen Forensic® Detective. There are four possible threshold settings: low, medium, high (default) and max. The maximum threshold reduces false positives but also lowers the detection rate.

After running the image analysis, the number of matching images for each supported category is tagged and shown in the Key Evidence and Files sections. You can review the tagged data and manually exclude the false positives.



TAMTAM EXTRACTION

The latest update also includes TamTam Messenger extraction capabilities, following the breaking news that as of early December 2019, it is suspected TamTam is the new, preferred communication service for ISIS supporters. Now Oxygen Forensic Detective 12.1 will allow investigators to extract chats, calls, contacts, and other information from the TamTam cloud. Access can be obtained via phone number or a token that can be found by our software both on mobile devices and on PCs. Please note that TamTam extraction is also supported from Apple iOS and Android mobile devices. The newly added TamTam data extraction gives investigators combatting terrorism the ability to obtain data from ISIS’s newly preferred communication platform, ensuring national and international law enforcement entities have all the tools they need.

USER DATA FROM MACOS AND LINUX

Oxygen Forensic Detective version 12.1 brings significant enhancements for the built-in Oxygen Forensic® KeyScout. Our innovative searching utility can now run and collect user data and credentials as well as system information on macOS and GNU/Linux PCs.

On macOS computers Oxygen Forensic® KeyScout collects user data and credentials from the following apps: Safari, Google Chrome, Mozilla Firefox, Mozilla Thunderbird, Opera, WhatsApp Desktop and WhatsApp Web, Telegram Desktop and TamTam.

It should be noted the WhatsApp token found by our KeyScout on macOS (as well as on Windows OS) can be used to extract complete WhatsApp data using our Cloud Extractor. This innovative approach is industry leading and can only be found using Oxygen Forensic® Detective. Using this approach, the investigator will not need to worry about 2FA or data decryption.

On GNU/Linux computers our Oxygen Forensic® KeyScout collects user data and credentials from the following apps: Chrome, Mozilla Firefox, Mozilla Thunderbird, Opera, and TamTam.

ANDROID DUMPS DECRYPTION

We’ve significantly enhanced our support for Android physical decryption.

1. Currently, Oxygen Forensic® Detective supports 500+ device models based on Qualcomm chipsets and offers a screen lock and signature bypass as well as decryption. The new 12.1 release adds the ability to decrypt Android physical dumps with a known password for Qualcomm devices using chipsets MSM8917, MSM8937, MSM8940, MSM8953, including the devices with Secure startup enabled.
2. We’ve also implemented a powerful ability to decrypt Android physical images using hardware-backed keys and user passwords. Supported chipsets are MTK 6737 and Qualcomm MSM8916, MSM8939, MSM8909, MSM8952, MSM8917, MSM8937, MSM8940, MSM8953.

NEW CLOUD SERVICES SUPPORT

The updated Oxygen Forensic® Cloud Extractor brings support for several new cloud services. Our industry leading number of supported cloud services is now 77.

1. Investigators can now extract emails from Microsoft Outlook via username/password or a token that can be extracted from computers or mobile devices during processing. Please note that Oxygen Forensic® Detective can also collect Microsoft Outlook emails on Windows-based computers as well as from Apple iOS and Android devices.
2. We have also added the ability to extract texts, videos, images, URL links and other data from a Line Keep account via username/password, Android token or QR code. Moreover, additional data can now be extracted from the Line cloud: groups, notes, albums, timeline.
3. Apple has recently introduced a new authorization type via SMS. Our latest Cloud Extractor now supports this authorization method.

SOCIAL GRAPH ENHANCEMENTS

We have added several enhancements to our Social Graph. It is now possible to define the shortest path between selected contacts (by default up to 5 intermediaries). That allows investigators to visually see that the device owner did not speak directly to someone, but spoke to a contact, who spoke to another, who then spoke to the identified target. Also, you can now manually select contacts on the Graph and view the detailed statistics about them as well as common communications. More importantly, self-communications, or messages sent to yourself, are now specially visualized on the Graph.

DATA EXPORT ENHANCEMENTS

Adding the ability for investigators to fine tune their reports is extremely important to us. So, in the 12.1 release we have added a number of enhancements to our Export module. These include:

• The ability to select fields for export in Export options/Sections Settings.
• The ability to select the file type for export in the Files section.
• The ability to export chats in chat view from the Timeline section.
