Oxygen Forensics, a global leader in digital forensics for law enforcement, federal, and corporate clients, today announced their flagship software, Oxygen Forensic Detective 12.1 will bring image categorization and grouping, allowing investigators to use AI to sort and categorize images into twelve categories, including drugs, weapons, alcohol, and nudity, to more quickly find pertinent images to an investigation. The latest update also includes TamTam Messenger extraction capabilities, following the breaking news that as of early December 2019, it is suspected TamTam is the new, preferred communication service for ISIS supporters. Now Oxygen Forensic Detective 12.1 will allow investigators to extract chats, calls, contacts, and other information from the TamTam cloud.IMAGE CATEGORIZATION
The task of identifying illicit images in either a criminal or civil investigation is extremely time-consuming; often comparable to looking for a needle in a haystack. A single case can easily contain thousands of images, many of which are not relevant to the investigation. A manual examination of these images, even within a thumbnail gallery, can take days when the average investigator can only review a few thousand images per hour.
Oxygen Forensic® Detective 12.1 now offers the powerful ability to detect, analyze, and categorize images from twelve different categories. This innovative feature is available at no additional charge to all the licensed users. Currently included categories are: pornography, extremism, graphic violence, drugs, alcohol, weapons, gambling, child abuse, documents, currency, risque, and identification documents.
Our image categorization can be initiated when importing device data or on already imported extractions. In both instances, you can select categories you would like to search during analysis of images and also fine-tune the positive “hit” settings by setting identification thresholds in Options/Advanced analytics menu in Oxygen Forensic® Detective. There are four possible threshold settings: low, medium, high (default) and max. The maximum threshold decreases the false positives and detection rate.
After running the image analysis, the number of matching images for each supported category is tagged and shown in Key Evidence and Files sections. You can review the tagged data and manually exclude the false positives.
TAMTAM EXTRACTION
The latest update also includes TamTam Messenger extraction capabilities, following the breaking news that as of early December 2019, it is suspected TamTam is the new, preferred communication service for ISIS supporters. Now Oxygen Forensic Detective 12.1 will allow investigators to extract chats, calls, contacts, and other information from the TamTam cloud. Access can be obtained via phone number or token be found by our software both in mobile devices and on PCs. Please note that TamTam extraction is also supported from Apple iOS and Android mobile devices. The newly added TamTam data extraction gives investigators combatting terrorism the ability to obtain data from ISIS’s newly preferred communication platform, ensuring national and international law enforcement entities have all the tools they need.
USER DATA FROM MACOS AND LINUX
Oxygen Forensic Detective version 12.1 brings significant enhancements for the built-in Oxygen Forensic® KeyScout. Our innovative searching utility can now run and collect user data and credentials as well as system information on macOS and GNU/Linux PCs.
On macOS computers Oxygen Forensic® KeyScout collects user data and credentials from the following apps: Safari, Google Chrome, Mozilla Firefox, Mozilla Thunderbird, Opera, WhatsApp Desktop and WhatsApp Web, Telegram Desktop and TamTam.
It should be noted the WhatsApp token found by our KeyScout on macOS (as well as on Windows OS) can be used to extract complete WhatsApp data using our Cloud Extractor. This innovative approach is industry leading and can only be found using Oxygen Forensic® Detective. Using this approach, the investigator will not need to worry about 2FA or data decryption.
On GNU/Linux computers our Oxygen Forensic® KeyScout collects user data and credentials from the following apps: Chrome, Mozilla Firefox, Mozilla Thunderbird, Opera, and TamTam.
ANDROID DUMPS DECRYPTION
We’ve significantly enhanced our support for Android physical decryption.
1. Currently, Oxygen Forensic® Detective supports 500+ device models based on Qualcomm chipsets and offers a screen lock and signature bypass as well as decryption. The new 12.1 release adds the ability to decrypt Android physical dumps with a known password for Qualcomm devices using chipsets MSM8917, MSM8937, MSM8940, MSM8953, including the devices with Secure startup enabled.
2. We’ve also implemented a powerful ability to decrypt Android physical images using hardware-backed keys and user passwords. Supported chipsets are MTK 6737 and Qualcomm MSM8916, MSM8939, MSM8909, MSM8952, MSM8917, MSM8937, MSM8940, MSM8953.
NEW CLOUD SERVICES SUPPORT
The updated Oxygen Forensic® Cloud Extractor brings support for several new cloud services. Our industry leading number of supported cloud services is now 77.
1. Investigators can now extract emails from Microsoft Outlook via username/password or token that can be extracted from computers or in mobile devices during processing. Please note that Oxygen Forensic® Detective can also collect Microsoft Outlook emails on Windows-based computers as well as from Apple iOS and Android devices.
2. We have also added the ability to extract texts, videos, images, URL links and other data from Line Keep account via username/password, Android token or QR code. Moreover, additional data can be now extracted from the Line cloud – groups, notes, albums, timeline.
3. Apple has recently introduced new authorization type via SMS. Our latest Cloud extractor now supports this authorization method.
SOCIAL GRAPH ENHANCEMENTS
We have added several enhancements to our Social Graph. It is now possible to define the shortest path between selected contacts (by default up to 5 intermediaries). That allows investigators to visually see that device owner did not speak directly to someone, but spoke to a contact, who spoke to another, and then spoke to the identified target. Also, you can now manually select contacts on the Graph and view the detailed statistics about them as well as common communications. More importantly, self-communications, or messages sent to yourself, are now specially visualized on the Graph.
DATA EXPORT ENHANCEMENTS
Adding the ability for investigators to fine tune their reports is extremely important to us. So, in the 12.1 release we have added a number of enhancements to our Export module. These include:
• The ability to select fields for export in Export options/Sections Settings.
• The ability to select file type for export in Files section.
• The ability to export chats in chat view from the Timeline section.
