Oxygen Forensics version 13.3

Are you interested in this product?

1300 55 33 24

contact@cdfs.com.au

Request a Call back

Oxygen Forensics version 13.3

Sony MTK Dump

MOBILE FORENSICS

Oxygen Forensic® Detective 13.3 implements a new extraction method entitled “Sony MTK Dump”. This method allows investigators to bypass the screen lock and create a full physical dump of Sony devices based on MTK chipsets with Full Disk Encryption (FDE). If Secure Startup is enabled, investigators can use the built-in brute force module to find the user passcode. Supported devices include Sony XA1, Sony L1, Sony L2, and Sony L3.

New Method for Qualcomm Devices

MOBILE FORENSICS

This update also offers a new method of extraction for Android devices based on Qualcomm chipsets. If a device is unlocked and has Security Patch Level (SPL) no later than February 2020, investigators can apply a built-in exploit to gain temporary root rights and perform a file system acquisition. This method covers multiple devices based on over 25 variations of Qualcomm chipsets running Android OS 7-9.

NVideo Screenshots

MOBILE FORENSICS

In version 12.5, we introduced the ability to make screenshots of Android data via our OxyAgent. Oxygen Forensic® Detective 13.3 enables video screenshots in a semi-automated or manual mode. Please note that apps preventing a screen capture (e.g., Telegram, WickreMe, VIPole) are not supported with this new upgrade to OxyAgent.

Search for Similar Faces

DATA ANALYSIS

Oxygen Forensic® Detective provides investigators with a wide range of built-in analytical and time-saving features. With the release of Oxygen Forensic Detective version 13.3, investigators can conduct searches for specific faces in one or more extractions. To do this, open the Search section and navigate to the Face Sets tab. From there, investigators can create a unique set of reference images by uploading photos of people whom they need to identify in the extraction. Investigators can also adjust the percentage of resemblance. The higher the threshold, the more accurate the results will be. Once the search has completed, investigators will see the search results along with all detailed information (age, emotion, resemblance, etc.) within the interface.

Application Activity Analysis

DATA ANALYSIS

Application activity analysis is often vital for malware detection. With this in mind, we have introduced a new tab, “Application activity”, in the Timeline section. It allows investigators to gain quick insights into the activity of applications extracted from Apple iOS and Android devices as well as computers.

Tinder and OkCupid Cloud Data

CLOUD FORENSICS

The updated Oxygen Forensic® Cloud Extractor brings support for two popular dating apps – Tinder and OkCupid.
Authorization in the Tinder cloud is supported via phone number or Google account. If 2FA is enabled, an investigator will need to enter a code received to the connected email address or phone number. Evidence sets will include the account details, chats, contacts, and matches.
Access to OkCupid is possible via phone number, login/password, or token extracted from Apple iOS and Android devices. If 2FA is needed to proceed, an investigator will need to enter a code received to the connected phone number. OkCupid cloud extraction will contain the account details, chats, contacts, files, and other available data.

New Computer Artifacts

COMPUTER ARTIFACTS

The updated Oxygen Forensic® KeyScout now allows investigators to collect user data from several new apps: Zello, Discord, Element Messenger, and VIPole. Moreover, using the KeyScout, investigators can import and parse file system ZIP archives made from Windows, macOS, or Linux computers. Additionally, we have added the ability to search and collect computer artifacts by most common file extensions. Check the required file extensions in the Settings/Files tab in KeyScout for additional information. Lastly, we have added full support for macOS Big Sur v 11.1.

Support for WiGLE Service

GENERAL

Location information is key to solving many crimes. This release brings support for WiGLE, which allows investigators to receive geo coordinates from extracted MAC addresses. To use this service, register on the WiGLE website and enter the received API token in the Options/Geo Settings menu in Oxygen Forensic® Detective. Once that is complete, investigators will be able to receive geo information in the Wireless Connections section.