The latest update to our flagship software Oxygen Forensic® Detective v.15.0 is here!
This version introduces the following key features:
- Screen lock bypass for Xiaomi devices
- Android Keystore extraction from Qualcomm-based Huawei devices
- Semantic Location History parsing from Google Takeout
- New tool for calls and messages analysis
- Facial Categorization enhancements
For a full list of updates, refer to the “What’s New” file in the Oxygen Forensic® Detective “Options” menu.
Mobile Forensic Updates
Screen lock bypass for Xiaomi devices
In Oxygen Forensic® Detective v.15.0, we extend our support for Xiaomi devices with File-Based Encryption (FBE) by adding two more MTK chipsets: Helio G88 (MT6768) and Helio G90T (MT6785).
Oxygen Forensic® Detective extracts hardware keys and allows you to either enter the known password or to find it with the built-in brute force module.
Supported devices include Xiaomi Redmi 10 Prime 2022, Xiaomi Redmi 10 Global, Xiaomi Redmi 10 Prime, and Xiaomi Redmi Note 8 pro.
Android Keystore extraction from Qualcomm-based Huawei devices
We’ve added the ability to extract encryption keys from the Android Keystore from Huawei devices based on the Qualcomm chipsets: MSM8917, MSM8937, and MSM8940.
To use this functionality, select the Huawei Qualcomm EDL method in the Oxygen Forensic® Device Extractor. With the extracted encryption keys, Oxygen Forensic® Detective can currently decrypt ProtonMail, Silent Phone, and Signal apps.
Kik Messenger extraction via Android Agent
Now you can quickly collect Kik Messenger contacts as well as private and group chats from any unlocked Android device using Android Agent. It can be installed on a device via USB, WiFi, or OTG device.
Once the acquisition process is finished, the Android Agent extraction can be imported into Oxygen Forensic® Detective for review and analysis.
iOS selective extraction
We’ve enhanced the ability to selectively extract evidence from Apple iOS devices. Previously, only selective extraction was available for TOP 30 apps. Now you can choose any installed app for extraction. This feature is available for the checkm8, SSH, and iOS Agent extraction methods.
Redesigned SIM card extraction
In this software version, we’ve redesigned the SIM Card extraction method and now it is available in the new Oxygen Forensic® Device Extractor.
In Oxygen Forensic® Detective v.15.0, we’ve added support for the following new apps:
- Temp Mail (iOS, Android)
- Phone by Google (Android)
- Huawei Notes (Android)
- Calculator# (iOS)
- Calculator+ (iOS)
- Bigo Live (iOS)
The total amount of supported app versions exceeds 33800.
Cloud Forensic Updates
We’ve completely redesigned our support for Box, a popular file-sharing service. Now many new artifacts can be extracted:
- Comments to files and notes
We’ve also updated the authorization algorithm for OnlyFans. Now the lists that the account owner follows can be extracted from Twitter.
With the updated Oxygen Forensic® KeyScout, you can collect the following new artifacts:
- list of network connections from volatile memory (Windows)
- list of loaded modules from volatile memory (Windows)
- list of open files from volatile memory (Windows)
- CryptnetURLCache (Windows)
- WMI persistence (Windows)
- Stage Manager (macOS 13)
Updated artifact support includes:
- Microsoft Edge (Windows)
- Tor Browser (Windows, macOS, and Linux)
- Calendar, Reminders, Notes, System Events, User Activity (macOS13)
Brute force for Oppo device extractions
Passcode brute force is now available for extractions of Oppo devices based on the MT6765 chipset and having File-Based Encryption. Supported device models include: Oppo A16, Oppo A16s, and Oppo A16K.
Semantic Location History parsing
There are two sources of location data in a Google Takeout: The location History file and Semantic Location History files created for every month.
Semantic Location History data can now be fully parsed by Oxygen Forensic® Detective when the Google Takeout file is imported. Semantic Location History files contain detailed information about the account owner’s visited locations and journeys.
Comparison of call and message logs with CDR
Oxygen Forensic® Detective v.15.0 presents a new analysis tool – the ability to compare call and message logs extracted from a device with Call Data Records provided by mobile service providers.
This feature is useful in situations when calls or messages have been manually deleted from a device. Using this comparison tool, you can fill in the gaps and see the complete picture.
To perform the comparison, go to the Timeline section and select the “Compare call and message logs with call data records” option in the Smart Filters. Once you select the devices and CDRs for comparison, the software will show you calls and messages in one list, in chronological order.
We’ve added two enhancements:
In the Files section, you can add a face from a video frame to a face set that can be used to search faces in extracted evidence.
We’ve added a multi-thread facial categorization using both CPU and GPU. You can choose a number of threads on the Advanced analytics tab in the software “Options” menu.
Search in the file metadata
You can now run a search in file metadata on the Text, Keywords, and RegExp tabs of the Search section. This option is also included in search templates.
- Error while trying to export realm db section
- Import freezes during Thunderbird parsing (Windows)
- Issues with iPhone XS and XR extraction via iOS Agent
- Xiaomi Redmi 9C MediaTek MT6765G Helio G3 was extracted but not decrypted
- .odb temporary files were not deleted from a temporary folder
- AV error on opening the Plist Viewer