Oxygen Forensic® Detective v.15.1

Our latest update to our flagship solution, Oxygen Forensic® Detective v.15.1 is here!

This version introduces the following key features:

 

For a full list of updates, refer to the “What’s New” file in the Oxygen Forensic® Detective “Options” menu.

 

Mobile Forensic Updates

Enhanced support for MTK devices

Oxygen Forensic® Detective v.15.1 brings enhanced support for MTK-based Android devices. Now Android devices that have TEE Trusty and File-Based Encryption (FBE) and are based on the MT6765 and MT6580 chipsets are supported for passcode brute force.

Moreover, our support now covers Android devices that are based on the MT6739 chipset and have TEE Kinibi and Full-Disk Encryption (FDE).

We’ve also  added the ability to decrypt images of Xiaomi and Poco devices based on the Mediatek MT6769T chipset and having File-Based Encryption (FBE). Supported models include Xiaomi Poco M2,Xiaomi Redmi 9 Global,Xiaomi Redmi 9 Prime.

 

Android Keystore extraction from Qualcomm-based devices

We’ve added the ability to extract encryption keys from the Android Keystore from devices based on the Qualcomm chipsets: MSM8917, MSM8937, MSM8940, and MSM8953.

To use this functionality, select the Qualcomm EDL method in the Oxygen Forensic® Device Extractor. With the extracted encryption keys, Oxygen Forensic® Detective can decrypt Briar, ProtonMail, Silent Phone, and Signal apps.

 

 Other Device Extractor updates

We’ve also included the following extraction updates:

      • Redesigned extraction method for Spreadtrum-based devices. Now this method is available in the new Oxygen Forensic® Device Extractor.
      • Updated the ability to extract data from Discord and added selective Discord chat extraction via Android Agent.
      • Improved the interface of selective iOS data extraction via checkm8, SSH, and iOS Agent.
      • Full extraction support for iPhone 14, iPhone 14 Plus, iPhone 14 Pro, and iPhone 14 Pro Max via iTunes backup procedure.

 

App support

In Oxygen Forensic® Detective v.15.1, we’ve added support for the following new apps:

      • Briar (Android)
      • AppLock (Android)
      • Default Sound Recorder (Android)
      • FileSafe (Android)
      • Zoho Mail (iOS, Android)
      • JustTalk (iOS)
      • Microsoft Bing (iOS)
      • Shazam (iOS)
      • IRL (iOS)

 

The total number of supported app versions now exceeds 34,000.

Import Updates

Brute force for additional MainSpace (Huawei)

A Huawei device may have more than one MainSpace (user profiles). In Oxygen Forensic® Detective v.15.1, you can brute force passcodes to the second, third, or more profiles in MainSpace. Please note that a passcode brute force is also available for PrivateSpace.

 

Import of Microsoft Outlook Data Files

Now you can import and parse Microsoft Outlook Data Files of .pst/.ost file formats. Select this file format under “Desktop Data” options and follow the instructions. The parsed evidence set will include emails, contacts, calendars and tasks.

Import of Snapchat My Data

Oxygen Forensic® Detective v.15.1 allows you to import downloaded Snapchat My Data that can be collected with the “Download My Data” function from Snapchat. The parsed evidence set will include account information, chats, calls, memories, search history, highlights, story views, and more.

We’ve also added support for the latest version of Snapchat Warrant Returns.

 

Cloud Forensic Updates 

We’ve introduced several improvements to Oxygen Forensic® Cloud Extractor:

      • The last view date is now extracted for Google Drive files
      • You can set a path to OCB files in the Account Owner information window
      • We’ve redesigned the Help menu and included new documents

 

Computer Artifacts

Functionality updates

We’ve improved the software interface and made a number of functional updates to  KeyScout.

      • You can now decrypt passwords, tokens, and cookies collected from other user profiles and computer images. Enter the known password in the Passwords tab within the Search settings for data decryption.
      • You can select particular drives and partitions for live extraction.
      • We’ve improved the Search Settings interface by adding detailed descriptions of the system artifacts and memory available for extraction.
      • More detailed information has been added regarding every step of the data collection and saving process.

 

New and updated artifacts

With the updated Oxygen Forensic® KeyScout, you can collect the following new artifacts:

      • Windows Diagnostic Infrastructure (WDI) artifact on Windows
      • System logs on Linux
      • Microsoft To Do app on Windows
      • Mail and Calendar app on Windows

 

Updated artifact support includes:

      • Most Recently Used (MRU) artifact on Windows
      • WMI persistence artifact on Windows
      • System events artifact on macOS
      • Microsoft Outlook app on Windows
      • Signal app on Windows, macOS, and Linux

 

 

General Updates

Facial Categorization on video frames

In the Files section, we’ve added the ability to categorize faces from video frames. If an extracted video has a face, you can now right-click on a video frame and add it to the Faces section by selecting the “Detect face” option.

 

Updates in Oxygen Forensic® Viewer

We’ve added support for Project VIC files in Oxygen Forensic® Viewer. You can now:

      • Assign Project VIC categories to images in the Files section
      • Add Project VIC hash sets in the Hash Sets Manager
      • Customize Project VIC categories in the Options menu

 

Resolved issues

      • Telegram token from Google Chrome not saving with Oxygen Forensic® KeyScout
      • A section of the Oxygen Forensic® KeyScout interface displayed blank on macOS
      • No data collected from Opera browser by Oxygen Forensic® KeyScout
      • Android Agent extraction fails with unknown error 0xC0000002

 

Interested in trying out v.15.1? Try it out free for 20-days.

 

 

Leave a Reply

Your email address will not be published. Required fields are marked *