Oxygen Forensic Key Scout

What is it?

KeyScout is a utility built into Oxygen Forensic® Detective which uncovers and extracts user data, tokens and passwords from apps and web browsers as well as Wi-Fi hotspot passwords, iTunes backups, and operating system data on PCs running Windows.

How to use it?

Oxygen Forensic® KeyScout is an easy-to-use utility that can assist in any investigations.. There are four steps investigators need to follow:

  1. Open Oxygen Forensic® Detective or JetEngine;
  2. In Oxygen Forensic Detective’s tool menu select Oxygen Forensic KeyScout and from Jet Engine’s main dashboard select KeyScout under Forensic Tools.  *Investigators can also use Search for credentials on the target computer from within Oxygen Forensic Cloud Extractor;
  3. Add keyscout.exe to removable media.
  4. Run KeyScout on the target  computer;
  5. Save collected data to an inserted removable drive (this collection will contain both an ocpk file and odb file).
  6. Investigators can import the ocpk file to Oxygen Forensic® Cloud Extractor and the odb file to JetEngine.

What makes it stand out?

Only one other company in the field of the mobile forensics provides its customers with a similar utility. However, their solution only extracts the username and password that a user saved within a PC web browser. Useful, but clearly not as comprehensive and multi-functional as Oxygen Forensic® KeyScout.

What can I do with it?

Oxygen Forensic® KeyScout focuses on extracting passwords, tokens, and user data from from web browsers and applications, locates and extracts iTunes backups, locates and extracts Wi-Fi hotspot passwords, and collects operating system artifacts from Windows OS-operated PC. Currently there are numerous apps and browsers supported, including  WhatsApp Desktop, iCloud for Windows, Google Chrome, Internet Explorer, Mozilla Firefox, Opera, and Mozilla Thunderbird to name a few. We collect more than just tokens and passwords; with Oxygen Forensic® KeyScout investigators can extract valuable data from browsers including: cookies, history, bookmarks, and data from autofill forms.

We are constantly updating our  algorithms to enhance the capabilities of Oxygen Forensic® KeyScout with each release. There is no need to pay extra; KeyScout is built-into Oxygen Forensic® Detective enabling investigators to import acquired data into Oxygen Forensic Cloud Extractor and JetEngine  for further analysis at no additional cost.

Why do I need it?

Not only are our tools frequently updated, the ease of use can save you some time and even crack the case.

In the United Kingdom in 2019 a child went missing. The terrified parents contacted the local Police Department to assist in searching for their child. With the phone believed to be switched off and presumably with the child, the only tech piece left to investigate was the child’s laptop. Deploying KeyScout on the laptop and then importing the acquired data into Oxygen Forensic® Detective, the police found some amazing web history.  Within the recovered history, and among the most frequently visited pages, the child’s video blog on a social media site was located.  The investigators located several followers of the vlog that seemed suspicious. Further investigation of the subjects on the social media site the investigators uncovered intensive messaging to the missing child.

The chat history with one of the subjects was found in WhatsApp messenger. This message was extremely important since it indicated the child wanted to run away because of the parent insisting they go to school and do chores.    The subject having the conversation with the child on Whatsapp invited them to stay at their home.  This was the clue the police needed.  With the address the police arrived to locate the child, unharmed, and arrest the subject who happened to be wanted for child molestation and human trafficking.

The case was solved with the use of Oxygen Forensic Detective and the built in Oxygen Forensic® KeyScout by extracting and analyzing browser history with auto fillable forms along with the data from WhatsApp Messenger for Windows.

Your story using Oxygen Forensic® KeyScout may be next. Feel free to try it and to share your experience with us!

Success is only a few clicks away! Check out the workflow!

Preparing for collection – adding Keyscout to removable media

Launch using Jet Engine
Launch from Cloud Extractor or.
Launch from Oxygen Forensic Detective Tools menu
Select the storage location for Keyscout.exe

Searching Target Computer

Run the KeyScout.exe on the target computer

Importing the ODB file into JetEngine

Import the ODB file into Jet Engine or
Internet and app data is parsed and available in JetEngine.

Using the OCPK file in Oxygen Forensic Cloud Extractor

Import the OCPK file into Oxygen Forensic Cloud extractor
Passwords, tokens, credentials are loaded and verified!
Extraction of data begins!

Leave a Reply

Your email address will not be published. Required fields are marked *