The latest version of our flagship software, Oxygen Forensic® Detective is now live and available for download by customers with current licenses.
In addition to added support for dozens of application updates, version 10.4 offers several major new features to enable investigators to extract and examine more data than ever before.
Decrypt WhatsApp Backups
In some cases, you may have a WhatsApp backup file extracted from an SD card or the internal memory of an Android device, but you do not have a key file to decrypt it. Oxygen Forensics now offers a new method to decrypt WhatsApp backups in such cases. All you need to do is import a WhatsApp backup into Oxygen Forensic® Cloud Extractor by clicking “Decrypt WhatsApp backup files” on the startup window. You will be offered two options for backup decryption – using the phone number associated with the backup or a WhatsApp Cloud token extracted from the Android device. Once data is decrypted you can open it in Oxygen Forensic® Detective for detailed analysis and reporting.
Import GrayKey iPhone Images
Oxygen Forensic® Detective 10.4 supports import and parsing of GrayKey images made from Apple iOS including devices ranging from iPhone 5S to iPhone 8 as well as iPhone X, running iOS versions up to 11.4.1. To import a GrayKey image select Import Apple backup/Import GrayKey image from the Import menu on the toolbar. Oxygen Forensic® Detective parses and recovers all available data including contacts, messages, calls, calendars, pictures and files, application data, passwords, geo coordinates, and much more.
Acquire Locked Samsung Devices
Oxygen Forensic® Detective 10.4 enables partial acquisition of locked Samsung devices via MTP. The method is compatible with devices running Android 4.4.x, 5.x, 6.x, 7.x. with the security update no later than October 27, 2017. All you need to do is connect a device via cable in Oxygen Forensic® Extractor and select Search for MTP devices in Automatic connection settings. The software will bypass screen lock and extract pictures and databases that are available via MTP.
Detect Similar Photos with PhotoDNA
We’ve added the ability to identify pictures with similar images using PhotoDNA hash sets. Select Search similar images in the Search menu. The software will automatically find similar images and group them together. This method allows to identify similar images that were, for example, modified or edited and allows forensic experts to find sensitive content within a short period of time.
Extract Wi-Fi Hotspot Connections
We’ve extended the functionality of Oxygen Forensic® KeyScout to support discovery of previously accessed Wi-Fi hotspots and their passwords on the subject’s computer. To collect Wi-Fi hotspots, run KeyScout on a computer. Once they are acquired you will see a Wi-Fi Access Points tab in KeyScout. You can save collected Wi-Fi data to an OCPK file for use in Oxygen Forensic® Cloud Extractor OCPK Viewer.
Examine Bluetooth Connection History
Oxygen Forensic® Detective 10.4 offers extraction of Bluetooth connections from iOS devices. Now you can acquire the information about both paired and nearby devices: MAC address, device name, and last detected time.
Authenticate via Google Prompt
We’ve added the ability to sign in to Google services with 2FA enabled by using Google Prompt. Four authentication types are now available for Google services: SMS, authenticator code, backup code, and Google Prompt.
Extract Qualcomm Devices with Improved EDL
EDL method for Qualcomm devices has been improved in the latest version. Manual selection of EDL bootloader is now available along with automatic bootloader upload. EDL method allows extraction of data from 450+ Qualcomm-based Android devices.