Support for Huawei Devices
Oxygen Forensic® Detective 12.3 introduces the ability to bypass screen lock, perform a physical acquisition, and decrypt the data from Huawei devices based on Kirin 980, 970, 710 and 710F chipsets. The functionality is available for Huawei devices running Android OS 9 and 10 and covers over 50 of the latest models, including: Huawei Honor 20, Huawei Honor Magic 2 3D, Huawei Honor 10 Premium (GT), Huawei Honor Note 10, etc.
To acquire a Huawei device, choose the “Huawei Android dump” option in Oxygen Forensic® Extractor, follow the instructions and extract both a physical dump and the hardware keys to decrypt it. There is also a built-in function to brute force a password if it is unknown.
Oxygen Forensics’ support for obtaining a physical bypass for Huawei devices running OS 10 is exclusive, no other company supports this version.
Secure Chats Decryption
In our previous releases of Oxygen Forensic® Detective we added parsing of additional information to include Certificates and Keys, from the keychain file obtained from Apple GrayKey extractions and Apple iOS jailbroken devices. This initial step has now allowed our new Oxygen Forensic® Detective 12.3 to introduce decryption for secure chats in several Messengers installed in Apple iOS devices to include: Signal, Wickr Me, Facebook and ChatSecure.
The data set extracted from these messengers will include account information, contacts, private and group chat information, calls, and other available artifacts.
New macOS Artifacts
The updated Oxygen Forensic® KeyScout now allows investigators to collect new artifacts on macOS – Apple Messages, Apple Notes, Apple Photos and Apple Reminders. Apple Message data includes contacts, SMS/MMS, iMessages, and their attachments.
To collect this data, copy Oxygen Forensic® KeyScout to removable media and run it on the subject’s macOS computer. Once the data is collected, save it to archive and open the ODB file in Oxygen Forensic® Detective. You can view extracted macOS data and merge it with other extractions for a thorough analysis with our built-in analytical tools.
The updated Oxygen Forensic® KeyScout can also detect and decrypt passwords saved in Google Chrome v.80 and Mozilla Firefox v.75 web browsers. These passwords can be immediately used for cloud data extraction.
Slack Extraction From Cloud
With the updated and built-in Oxygen Forensic® Cloud Extractor you can now acquire evidence from the Slack app. Extraction is possible by obtaining the username/password or tokens extracted from mobile devices, as well as Windows and macOS by our KeyScout. The evidence set includes account information, contacts, private and groups chats, and channels. With full support of the Slack app, from both mobile devices and cloud, Oxygen Forensic® Detective once again proves to be the best tool for corporate investigations.
Updated WhatsApp Methods
We have updated the algorithms of WhatsApp extraction and decryption available in Oxygen Forensic® Cloud Extractor. The latest version allows investigators to decrypt WhatsApp backups via phone number and access the WhatsApp Cloud (Server) directly using the phone number.
Oxygen Forensic® Detective 12.3 brings support for 1,000+ new Android devices that include Motorola Moto E6, Motorola moto G8, Xiaomi MI 2A, Xiaomi Mi 10, Xiaomi Mi 10 Pro, Samsung Galaxy A01, Samsung Galaxy S20, etc. The total number of supported devices exceeds 35,500!
We have added data parsing from a couple of new apps as well as updated over 500 app versions from Apple iOS and Android devices. The total number of supported app versions exceeds 14,800!