10 Analytical Features Available in Oxygen Forensic Detective

Modern devices store gigabytes of data that, once extracted, cannot be analyzed manually, so investigators need tools that allow them to quickly process and analyze acquired evidence. We, at Oxygen Forensics, were the first in the mobile forensics market to realize this essential requirement and incorporate data analytics into our software. Ten years ago we introduced Timeline, our first analytical section, and today we offer a wide range of powerful analytical tools at no additional cost to the user. Let’s go through all of them.

1. Timeline

Our Timeline section provides a view of all device events in a single list – chats within apps, calls, web activity, web connections, photos, videos, calendar events, and more. Events can be viewed for one device or a group of devices, allowing easy identification of common group activities. Sort and filter by date, time, activity frequency, contact, remote party, or other data points to focus only on the most relevant data. The Geolocations tab contains the full list of geo coordinates from all the sources that include photos, videos, apps, drone flight logs, and more. In addition, the Activity matrix located in the bottom panel helps to detect when the device was most used.

2. Social Graph

The built-in Social Graph provides a convenient platform to explore social connections between a device owner and their contacts or between several devices. Using the Social Graph, investigators can identify the device owner's closest contacts in one click. Click on any contact to open a card containing detailed information about the selected contact and all communications across device sources. The Social Graph interface is dynamic and agile. Investigators can drag and drop to move, hide, or merge contacts while producing a crystal clear view of device and case connections. It is also possible to define the shortest path between selected contacts (by default up to 5 intermediaries). That allows investigators to see visually that the device owner did not speak directly to someone, but spoke to a contact, who spoke to another, who then spoke to the identified target.

3. Image Categorization

Oxygen Forensic® Detective provides the ability to categorize images from twelve different classes that include pornography, extremism, drugs, alcohol, and weapons. Our image categorization is available when importing device data and also on already imported extractions. Investigators can select all categories or only selected ones, and can also fine-tune the positive “hit” settings. After running the image analysis, the number of matching images for each supported category is tagged and shown in the Key Evidence and Files sections. Investigators can review the tagged data and manually exclude any false positives.

4. Facial Recognition

Oxygen Forensic® Detective offers the ability for investigators to categorize human faces. Facial recognition is available in the Faces section. Its unique features include industry-leading accuracy (as measured by NIST), detailed face analytics (gender, race, emotion, and more), immediate categorization and matching (5 faces/second), and support for massive volumes of data. Using the built-in facial recognition, investigators will save valuable time when looking through thousands of photos or videos in mobile, cloud, or drone extractions.

5. Maps

Oxygen Forensic® Detective acquires geo-coordinates from all possible sources including mobile devices, drones, cloud storages, media cards, and imported images. Once analyzed, the data can be viewed within our Oxygen Forensic® Maps, either online or offline. The Maps module includes the ability to:

  • Identify a device’s frequently visited places
  • Pinpoint common locations of several devices
  • Visualize a device’s movements within a specified period of time
  • Play an animated route showing the direction of travel

6. Data Search

Oxygen Forensic® Detective allows investigators the option to search across a single device, all devices in a case, or all devices in a database. Investigators can access texts, phone numbers, email addresses, geo-coordinates, IP addresses, MAC addresses, credit card numbers, and file hashes including Project VIC. A Regular Expression library is available for custom search functions, and investigators can create a set of keywords for a data search. Moreover, there are 3 ways to run a search: in parsed data, in files, and in file content such as SQLite databases.

7. Key Evidence

The Key Evidence section displays all records that have been bookmarked in other sections by the investigator. This section is where all entries identified as relevant to a case are found, making data analysis easier and saving valuable time. Investigators can bookmark important evidence in a single device, or several devices, and export it later to one data report. More importantly, Oxygen Forensic® Detective also offers a number of predefined tags, including: Nudity, Weapon, Guns, Important, and several others. Investigators can also create and set their own tags and export entries to data reports by simply selecting the relevant tags.

8. App Analytics

We are aware of how important app data is for today’s digital investigations. Not only do we update our industry-leading app parsers with each release, but we also deliver to investigators a powerful view for parsed app data. For each app, investigators have built-in analytics that include Chats View, Timeline, and Social Graph. The Chats View gives investigators the ability to read extracted conversations in a convenient message bubble view, as well as export them to one of our reporting formats. The Timeline and Social Graph views enable investigators to immediately apply our powerful analytics to an identified group conversation. With one click of the Maps button, investigators can visualize extracted geo-coordinates.

9. SQLite Viewer

The built-in Oxygen Forensic® SQLite Viewer is a powerful 64-bit tool for examining SQLite files. With this tool, investigators can open any SQLite database, recover deleted records, convert values to a readable format, build visual and non-visual SQL queries, save them for further use, run a search, and finally export the selected entries to customized data reports.

10. Device Statistics

Oxygen Forensic® Detective offers investigators a new Device Statistics section that shows detailed statistics about the extraction, such as Top 10 applications with the greatest number of communications, Top 10 groups, Top 10 contacts, Last contacted, Key Evidence with tags, and notes. This would be a great place to get a head start on a mobile forensic investigation.

Never tried our software? Contact us for a fully-featured demo license that includes not only extraction capabilities but all the above-mentioned analytics!
