About Oxygen Forensic® Detective v.15 Updates.

July 10, 2023

Oxygen Forensic® Detective v.15 updates include changes to analysis and analytic tools, KeyScout, Device Extractor, and supported apps, expanded cloud support, and more.

For a full list of updates, refer to the “What’s New” file in the Oxygen Forensic® Detective “Options” menu.

Oxygen Forensic® Detective v.15.5.1

This version introduces the following key features:

  • Support for the MT6833 chipset
  • Parsing of the AWS Wickr app
  • Image Categorization by new threats
  • Activity Matrix in the Maps section
  • New smart filter in the Timeline section

Mobile Forensic Updates

Support for the MT6833 chipset

Oxygen Forensic® Detective v.15.5.1 offers extraction of hardware keys and decryption of Android devices based on the MT6833 chipset, having File-Based Encryption (FBE) and running Android OS 10-13. Our support covers Samsung, Xiaomi, Oppo, Realme, Vivo, and Motorola devices.

Other Extractor Updates

Our updated Oxygen Forensic® Device Extractor introduces several other enhancements:

  • Added the ability to extract the full file system and keychain via checkm8 from Apple iOS devices with iOS version 15.7.7.
  • Updated extraction via iOS Agent from iPhones running iOS versions 15.0 – 15.4.1.
  • Updated Kik and Discord data extraction via Android Agent from unlocked Android devices.
  • Updated data extraction via Android Agent from Huawei devices running HarmonyOS.

App Support

We’ve added support for the following new apps:

  • AWS Wickr (iOS, Android)
  • Samsung Email (Android)
  • Vivaldi Browser (Android)

The total number of supported app versions now exceeds 39,900.

Import Updates

Image Import

In Oxygen Forensic® Detective v.15.5.1, we added the ability to import the following images:

  • Physical dumps of Android OS devices based on the MT6833 chipset and having TEE Microtrust and F2FSCrypt.
  • Physical dumps of Android OS devices based on the MT6833 chipset and having TEE TEEGRIS and F2FSCrypt.
  • Physical dumps of Android OS devices based on MT6768 chipset and having F2FSCrypt and hybrid TEE Kinibi + TEEGRIS.
  • Physical dumps of Android OS devices based on the MT6580 chipset and having TEE T6, F2FSCrypt, and metadata encryption.
  • UFED backups of CLBX format.

Cloud Forensic Updates

App Support

We updated the ability to authorize in Google services and Twitter.

Computer Artifacts

New and updated artifacts

The updated Oxygen Forensic® KeyScout enables users to collect the following new artifacts:

  • The permissions given by macOS applications
  • The background app activity from Windows
  • The history of recently opened files from Linux
  • The secret DPAPI password from Windows accounts linked to Microsoft accounts
  • ICQ data from Windows, macOS, and Linux
  • FileZilla data from Windows, macOS, and Linux
  • Spark data from Windows
  • Discord data from Linux
  • Discord messages and cookies from Windows and macOS

Updated artifact support includes:

  • Data about network interfaces from Windows
  • Spark data from macOS

Data Analysis Updates

Analytical Tool Enhancements

In Oxygen Forensic® Detective v.15.5.1 we included several enhancements for our analytical tools:

  • Added the Activity Matrix for geo coordinates. Now you can further analyze the geo-location data and determine the peaks of user activity.
  • Added a new smart filter. Now you can quickly filter and view the events that happened before and after the events marked with tags.
  • Added the ability to filter by seconds, minutes, and hours in the time filter.

Interested in Oxygen Forensic® Detective? Get a 15-day free trial.

Oxygen Forensic® Detective v.15.5

This version introduces the following key features:

  • Support for Android devices based on the MT6761 chipset
  • Analysis of drive partitions protected with BitLocker
  • Analysis of Windows hibernation files
  • Import of Telegram Exported Data
  • Parsing of Samsung Customization Service

Mobile Forensic Updates

Support for the UNISOC T610/T618/T700 chipsets

In Oxygen Forensic® Detective v.15.5 we’ve added the ability to extract hardware keys and decrypt physical dumps of Android devices based on the UNISOC T610/T618/T700 chipsets, running Android OS 10-13 and having File-Based Encryption (FBE). Please use the Spreadtrum method for these types of extractions.

Supported devices include Blackview Tab 15, Digma Pro 1480E 4G, Infinix Hot 12 Play Unisoc T610, Lenovo Tab M10 (3rd Gen), Micromax In 2b, Realme C21Y, Teclast T40 plus, and more.

Support for the MT6761 chipset

We’ve extended our MTK Android method. Oxygen Forensic® Detective v.15.5 enables the extraction of hardware keys and decryption of Android devices based on the MT6761 chipset. Our support covers Xiaomi Poco C50, Xiaomi Redmi A1, Xiaomi Redmi A1+, Honor 8S 2020, Huawei Y5 2019, Huawei Y6 Prime 2019, Xiaomi Redmi 6A, and other models.

Support for Samsung Exynos devices (FDE)

Oxygen Forensic® Detective v.15.5 adds support for Samsung Exynos devices having Full-Disk Encryption (FDE) and upgraded from Android OS 9 to 10-11. This method offers passcode brute force.

Other Extractor updates

Our updated Oxygen Forensic® Device Extractor introduces several other enhancements:

  • Updated extraction of Twitter, Viber, WhatsApp, and WhatsApp Business data via Android Agent.
  • Added keychain extraction via iOS Agent from Apple iOS devices with versions 15.0 – 15.5.
  • Added file system extraction via iOS Agent from Apple iOS devices with versions 15.0 – 15.7.1 and 16.0 – 16.1.2.
  • Added full file system and keychain extraction via checkm8 from Apple iOS devices with version 15.7.5.

App support

New Supported Apps

We’ve added support for the following new apps:

  • Hide It Pro (Android)
  • Notepad Vault-AppHider (Android)
  • Notion (Android)
  • Tappsk (Apple iOS)

Moreover, we have added support for a valuable artifact – Samsung Customization Service. It collects and stores information about user activity: application usage history, places, location history, motion history, web history, search history, Wi-Fi connection history, settings, notifications, and event logs.

The total number of supported app versions now exceeds 38,500.

Import Updates

Import of Telegram Exported Data

We’ve added another source for acquiring Telegram data. Now investigators can import and parse Telegram Exported Data files that can be saved using the “Export Telegram Data” option in the Telegram app settings. To import them into our software, click the Downloaded Accounts Data option located on the software Home screen.

Telegram Exported Data files can contain the following information:

  • Account information
  • Contacts
  • Chats
    • private chats
    • chats with bots
    • private channels and groups (only account messages)
    • public channels and groups (only account messages)
  • Active sessions
  • Attachments
    • Photos
    • Videos
    • Voice messages
    • Video messages
    • Stickers
    • GIF

Cloud Forensic Updates

Cloud Extractor Updates

We’ve added several enhancements to our Cloud Extractor tool:

  • Extraction of Telegram artifacts: reactions, avatars, blocked users, group and channel requests, and Premium account information
  • Updated Facebook data extraction
  • Updated the ability to authorize in Tinder

Computer Artifacts

Analysis of drive partitions protected with BitLocker

In Oxygen Forensic® Detective v.15.5, we’ve added the ability to analyze drive partitions protected with BitLocker. There are four methods of analysis:

  • If a drive partition is protected and locked, Oxygen Forensic® KeyScout can decrypt it with a known password or BitLocker recovery key.
  • If a drive partition is protected and locked, Oxygen Forensic® KeyScout can also decrypt it with an FVEK (Full Volume Encryption Key) or a VMK (Volume Master Key) extracted from RAM.
  • If a drive partition is protected, but protectors are deleted or disabled, Oxygen Forensic® KeyScout detects this state and automatically decrypts the drive.
  • If a drive partition is protected but unlocked while Oxygen Forensic® KeyScout is running, investigators can use Oxygen Forensic® KeyScout to decrypt it or use the OS API to find data in a decrypted logical drive.

Analysis of hibernation files

New and updated artifacts

With the updated Oxygen Forensic® KeyScout, users can collect the following new artifacts:

  • Known network connections from Windows
  • Saved pop-up notifications from macOS
  • Briar data from Windows and Linux
  • Notepad++ from Windows and Linux
  • Information about the installed Debian Package/Advanced Packaging Tool packages from Linux

Updated artifact support includes:

  • User credentials from Windows Credential Manager
  • Telegram data from macOS

Oxygen Forensic® Detective v.15.4

This version introduces the following key features:

  • Analysis of iFlight drone logs
  • Huawei Health cloud extraction
  • Import and parsing of MD-Next extractions
  • Analysis of Windows RAM images
  • Extraction of Google Chrome browser via Android Agent

Mobile Forensic Updates

Extraction of Google Chrome artifacts via Android Agent

Oxygen Forensic® Detective v.15.4 enables extraction of Google Chrome artifacts via Android Agent from any supported unlocked Android device. Android Agent can be installed on a device via USB, WiFi, or OTG device. Once the acquisition process is finished, the Android Agent extraction can be imported into Oxygen Forensic® Detective for review and analysis. Evidence sets will include account details, saved logins and passwords, credit cards, history, opened tabs, bookmarks, and downloads.

iOS Agent updates

In recent versions of Oxygen Forensic® Detective, we’ve added two enhancements for the iOS Agent method:

  • In the minor update of Oxygen Forensic® Detective v.15.3.1 we’ve added the ability to extract the full file system via iOS Agent from iOS devices running versions 15.0 – 15.7.1 and 16.0 – 16.1.2.
  • Oxygen Forensic® Detective v.15.4 now allows selecting an exploit if several are available for the particular iOS device model.

App support

In Oxygen Forensic® Detective v.15.4, we’ve added support for the following new apps:

  • iScanner (Apple iOS, Android)
  • Notion (Apple)
  • Session (Android)
  • Telegram Web (Android)

The total number of supported app versions now exceeds 35,300.

Import Updates

Import of iFlight drone logs

We’ve enhanced our drone support by adding the ability to import and analyze iFlight drone logs that can be found on memory cards of remote controls. Evidence sets will include the following parameters: flight date and time, geo coordinates, battery level, altitude, and ground speed. The flight can be visualized on the built-in map in our software.

Import of iVe backups of vehicles

Now you can import and parse vehicle evidence from Berla iVe backups. To do this, click the “Third-party extractions” option in the Home screen and follow the instructions. The evidence set may include detailed vehicle information, connected mobile devices, calls, vehicle speed info, search and location history, files from the vehicle multimedia system, and other available artifacts.

Import of MD-Next extractions

Oxygen Forensic® Detective v.15.4 can now ingest and parse MD-Next physical extractions of Android devices. Evidence sets will include all data, including apps.

Cloud Forensic Updates 

Huawei Health extraction

We are enhancing our support for cloud fitness apps, and with this release, we are incorporating extraction of Huawei Health data via login and password, token, phone number, or QR code. Extracted evidence will include all health data: workouts, medical data, routes, and more.

Telegram updates

We’ve significantly improved support for the latest Telegram features. Now you can extract more data from the Telegram cloud:

  • recent actions of group chats that are available to the group admins
  • group chats with enabled topics
  • collectible usernames

We’ve also updated the ability to extract Telegram tokens from Apple iOS devices.

Computer Artifacts

Functionality updates

With the updated Oxygen Forensic® KeyScout, investigators can perform the following:

  • extract data from drives and images with Logical Volume Manager partitions
  • analyze Windows RAM images in padded RAW and Crash Dump (DMP) formats while analyzing drives or drive images
  • collect and filter files by size

New and updated artifacts

A number of artifacts were introduced and updated in KeyScout. Users can collect the following new artifacts:

  • a web version of WhatsApp from Chromium, Microsoft Edge, Brave, and Vivaldi browsers from Windows, macOS, and Linux
  • a web version of Slack from Chromium, Brave, and Vivaldi browsers from Windows, macOS, and Linux
  • a web version of Instagram from Chromium, Microsoft Edge, Brave, and Vivaldi browsers from Windows, macOS, and Linux
  • AnyDesk data from Windows, macOS, and Linux
  • Find My data from macOS
  • the list of system user accounts and groups from macOS
  • VPN connection settings from Windows

Updated artifact support includes:

  • Amazon Photos from Windows and macOS
  • the information about Bluetooth devices from macOS

Oxygen Forensic® Detective v.15.3

This version introduces the following key features:

  • Brute force for Samsung, Motorola, and Huawei devices based on MTK chipsets
  • Enhanced support for Huawei devices based on Qualcomm chipsets
  • LastPass cloud extraction
  • Import of Tinder archives
  • Support for modified WhatsApp versions

Mobile Forensic Updates

Bruteforce for Samsung MTK devices

Users can now extract hardware keys and decrypt data from Samsung devices based on the Mediatek Helio G80 chipset and having TEE TEEGRIS. Our support covers devices running Android OS 10 and higher. Supported models include Samsung Galaxy A22 4G, Samsung Galaxy A32 4G, Samsung Galaxy F22, Samsung Galaxy M22, Samsung Galaxy M32, and others.

Bruteforce for Motorola MTK devices

Now you can extract hardware keys and decrypt physical dumps of Motorola devices based on the MT6765 chipset, having File-Based Encryption and running Android OS 10-12. Our support covers Motorola Moto E7, Motorola Moto E7 Power, Motorola Moto G Pure, Motorola Moto E6s, and Motorola Moto E6 Plus.

Bruteforce for Huawei MTK devices

We’ve also added support for Huawei devices based on the MT6765 chipset, running Android OS 10, and having File-Based Encryption. Our support covers Honor 9A, Honor 9S, Huawei Y5p, and Huawei Y6p.

Enhanced support for Huawei Qualcomm devices

Extraction and decryption of Huawei devices based on the Qualcomm SDM450 chipset has been added. Our support covers Huawei devices running Android OS 10 or higher. Supported models include Huawei Enjoy 9, Huawei Y7 2019, Huawei Y7 Pro 2019, and Huawei Y7 Prime 2019.

Extraction of Firefox artifacts via Android Agent

Now users can extract even more Firefox artifacts via Android Agent: collections, logins and passwords, saved cards, and addresses. While collecting saved credentials and cards, the Android Agent will require that a user password be manually entered to allow the process to start.

Extraction of Telegram groups via Android Agent

Recently, Telegram introduced the ability to create group chats with enabled topics. With this release, chats of this type can be collected via Android Agent from any supported Android device. Selective topic extraction is available.

iOS support updates

Device Support

In Oxygen Forensic® Detective v.15.3 we’ve added two enhancements for iOS device support:

  • We’ve added the ability to extract the full file system and keychain via iOS Agent from iOS devices running iOS versions 15.0 – 15.4.1. For these supported iOS versions, there is no need to authenticate an Apple ID account and obtain a certificate for signing iOS Agent.
  • Users can now extract the full file system and keychain via checkm8 from Apple iOS devices based on the A10 chipset and running iOS 14 and 15 without disabling the screen lock.

App support

New Supported Apps

In Oxygen Forensic® Detective v.15.3 we’ve added support for the following new apps:

  • BOTIM (Apple, Android)
  • GB WhatsApp (Android)
  • OB WhatsApp (Android)
  • FM WhatsApp (Android)
  • Microsoft Bing (Android)
  • BeReal (Apple)
  • Moj (Apple)
  • Tiki (Apple)

The total number of supported app versions now exceeds 34,800.

Import Updates

Import of Tinder archives

In this release, users can import and parse evidence from Tinder archives. To import Tinder data, click the Tinder archive option under Downloaded accounts data on the software Home screen. The evidence set will contain media files, messages, used apps, campaigns, purchases, Spotify artifacts, and other supported artifacts.

Cloud Forensic Updates

LastPass data extraction

Oxygen Forensic® Detective v.15.3 allows cloud extraction from LastPass, one of the most popular password managers. Extraction is possible via login and password or token. The evidence set will include passwords, documents, notes, and bank card details.

Other updates

Authorization and extraction algorithms were updated for the following already supported cloud services: Google Home, Google Chrome, Google My Activity, MiFit, Android Cloud Data, and Huawei.

Computer Artifacts

Functionality updates

A number of functional and interface updates to KeyScout were introduced:

  • Added extended analysis of live RAM that now includes memory pages from pagefiles
  • More detailed information about data search progress
  • Redesigned and simplified the work with search profiles

New and updated artifacts

With the updated Oxygen Forensic® KeyScout, users can collect the following new artifacts:

  • Background Intelligent Transfer Service (BITS) on Windows
  • Diagnostic data from Windows
  • Information about running processes on macOS and Linux during live system extraction
  • ARP cache on macOS and Linux during live system extraction
  • Dock elements from macOS
  • History of commands entered in the terminal on Linux
  • History of app usage on Linux
  • History of Vim usage on Linux
  • Brave data from Windows, macOS, and Linux

Updated artifact support includes:

  • Microsoft Teams data on Windows
  • Microsoft Exchange Server data on Windows
  • Viber data on Windows, macOS, and Linux
  • Apple Messages data on macOS

Oxygen Forensic® Detective v.15.2

This version introduces the following key features:

  • Brute force for Samsung Exynos devices with FBE
  • Runtastic cloud data extraction
  • The decryption of WhatsApp backups of .crypt15 type
  • Support for XFS file system

Mobile Forensic Updates

Bruteforce for Samsung Exynos devices (FBE)

You can now brute force passcodes to decrypt data from Samsung Exynos devices running Android OS 10-11 and having File-Based Encryption (FBE). Our support includes the following models: Galaxy A51 5G, Galaxy A71 5G, Galaxy F41, Galaxy M21, Galaxy M31, Galaxy Xcover Pro, Galaxy Note10 Lite, and many others.

Enhanced support for MTK Android devices

In Oxygen Forensic® Detective v.15.2, we have included several enhancements for MTK-based devices. You can now extract and decrypt physical dumps of Xiaomi 6 and Xiaomi 6A devices based on the MTK6765 chipset with Full-Disk Encryption (FDE). Moreover, now you can decrypt physical images of devices based on the MT6737 chipset having TEE Trusty and FDE.

Extraction of Firefox and RCS messages via Android Agent

You can now quickly collect Firefox browser data from any unlocked Android device using our Android Agent. It can be installed on a device via USB, WiFi, or OTG device.

Once the acquisition process is finished, the Android Agent extraction can be imported into Oxygen Forensic® Detective for review and analysis. The evidence set will include user info, history, bookmarks, downloads, and tabs.

We’ve also added extraction of RCS messages from unlocked Android devices via Android Agent. You can collect RCS messages manually using Android Agent or via USB cable, if you directly connect a device to Oxygen Forensic® Detective.

Other Device Extractor updates

We’ve also added the following extraction updates:

  • Ability to extract full file system and keychain from iOS devices with versions 14.4-14.5.1 via iOS Agent.
  • Ability to extract full file system and keychain via checkm8 from iPhone 6s and iPhone SE devices without disabling the screen lock.
  • Desktop initial screen.

App support

New Supported Apps

In Oxygen Forensic® Detective v.15.2, we’ve added support for the following new apps:

  • Xiaomi Notes (Android)
  • Xabber Beta (Android)
  • IRL (Android)
  • JustTalk (Android)
  • SafeCalc (iOS)
  • Life360 (iOS)

The total number of supported app versions now exceeds 34,600.

Cloud Forensic Updates

Runtastic data extraction

Oxygen Forensic® Detective v.15.2 allows the extraction of workout data from the Runtastic cloud account using login credentials and tokens. Extracted evidence sets will include account details as well as a list of activities with locations and comments.

WhatsApp backup decryption

Computer Artifacts

Functionality updates

We’ve made a number of functional and interface updates to KeyScout:

  • Added support for XFS file system
  • Added the Encrypted data tab
  • Added display of privilege levels on macOS
  • Added extended information about data saving

New and updated artifacts

With the updated Oxygen Forensic® KeyScout, you can collect the following new artifacts:

  • DPAPI keys of the authorized user from Windows RAM
  • DNS cache from Windows during live data extraction
  • ARP cache from Windows during live data extraction
  • Firewall rules from Windows
  • Cron tasks from Linux
  • System accounts and groups from Linux
  • SSH keys from macOS and Linux
  • Extended system information about Linux

Updated artifact support includes:

  • Google Chrome browser from Windows, macOS, and Linux
  • Cache from apps based on the Blink engine
  • Signal app on Windows, macOS, and Linux

Resolved Issues

  • Passcode bruteforce for Xiaomi Redmi 9 device starts and immediately stops
  • Passcode bruteforce for Xiaomi Redmi Note 8 Pro is completed but password is not found
  • Telegram token is invalid from downgrade APK extraction
  • No WhatsApp contacts are extracted if selective extraction is chosen via Android Agent
  • Backup import stops at the User Activity section parsing

Oxygen Forensic® Detective v.15.1

This version introduces the following key features:

  • Enhanced support for MTK-based Android devices
  • Brute force for additional MainSpace in Kirin-based Huawei devices
  • Import of Microsoft Outlook Data Files
  • Import of Snapchat My Data
  • Facial Categorization on video frames

Mobile Forensic Updates

Enhanced support for MTK devices

Oxygen Forensic® Detective v.15.1 brings enhanced support for MTK-based Android devices. Now Android devices that have TEE Trusty and File-Based Encryption (FBE) and are based on the MT6765 and MT6580 chipsets are supported for passcode brute force.

Moreover, our support now covers Android devices that are based on the MT6739 chipset and have TEE Kinibi and Full-Disk Encryption (FDE).

We’ve also added the ability to decrypt images of Xiaomi and Poco devices based on the Mediatek MT6769T chipset and having File-Based Encryption (FBE). Supported models include Xiaomi Poco M2, Xiaomi Redmi 9 Global, and Xiaomi Redmi 9 Prime.

Android Keystore extraction from Qualcomm-based devices

We’ve added the ability to extract encryption keys from the Android Keystore from devices based on the Qualcomm chipsets: MSM8917, MSM8937, MSM8940, and MSM8953.

To use this functionality, select the Qualcomm EDL method in the Oxygen Forensic® Device Extractor. With the extracted encryption keys, Oxygen Forensic® Detective can decrypt Briar, ProtonMail, Silent Phone, and Signal apps.

Other Device Extractor updates

We’ve also included the following extraction updates:

  • Redesigned extraction method for Spreadtrum-based devices. Now this method is available in the new Oxygen Forensic® Device Extractor.
  • Updated the ability to extract data from Discord and added selective Discord chat extraction via Android Agent.
  • Improved the interface of selective iOS data extraction via checkm8, SSH, and iOS Agent.
  • Full extraction support for iPhone 14, iPhone 14 Plus, iPhone 14 Pro, and iPhone 14 Pro Max via iTunes backup procedure.

App support

Added support

In Oxygen Forensic® Detective v.15.1, we’ve added support for the following new apps:

  • Briar (Android)
  • AppLock (Android)
  • Default Sound Recorder (Android)
  • FileSafe (Android)
  • Zoho Mail (iOS, Android)
  • JustTalk (iOS)
  • Microsoft Bing (iOS)
  • Shazam (iOS)
  • IRL (iOS)

The total number of supported app versions now exceeds 34,000.

Import Updates

Brute force for additional MainSpace (Huawei)

A Huawei device may have more than one MainSpace (user profiles). In Oxygen Forensic® Detective v.15.1, you can brute force passcodes to the second, third, or more profiles in MainSpace. Please note that a passcode brute force is also available for PrivateSpace.

Import of Microsoft Outlook Data Files

Now you can import and parse Microsoft Outlook Data Files of .pst/.ost file formats. Select this file format under “Desktop Data” options and follow the instructions. The parsed evidence set will include emails, contacts, calendars and tasks.

Import of Snapchat My Data

Oxygen Forensic® Detective v.15.1 allows you to import downloaded Snapchat My Data that can be collected with the “Download My Data” function from Snapchat. The parsed evidence set will include account information, chats, calls, memories, search history, highlights, story views, and more.

We’ve also added support for the latest version of Snapchat Warrant Returns.

Cloud Forensic Updates 

Oxygen Forensic® Cloud Extractor Updates

We’ve introduced several improvements to Oxygen Forensic® Cloud Extractor:

  • The last view date is now extracted for Google Drive files
  • You can set a path to OCB files in the Account Owner information window
  • We’ve redesigned the Help menu and included new documents

Computer Artifacts

KeyScout updates

We’ve improved the software interface and made a number of functional updates to KeyScout.

  • You can now decrypt passwords, tokens, and cookies collected from other user profiles and computer images. Enter the known password in the Passwords tab within the Search settings for data decryption.
  • You can select particular drives and partitions for live extraction.
  • We’ve improved the Search Settings interface by adding detailed descriptions of the system artifacts and memory available for extraction.
  • More detailed information has been added regarding every step of the data collection and saving process.

New and updated artifacts

With the updated Oxygen Forensic® KeyScout, you can collect the following new artifacts:

  • Windows Diagnostic Infrastructure (WDI) artifact on Windows
  • System logs on Linux
  • Microsoft To-Do app on Windows
  • Mail and Calendar app on Windows

Updated artifact support includes:

  • Most Recently Used (MRU) Artifact on Windows
  • WMI persistence artifact on Windows
  • System events artifact on macOS
  • Microsoft Outlook app on Windows
  • Signal app on Windows, macOS, and Linux

General Updates

Facial Categorization on video frames

In the Files section, we’ve added the ability to categorize faces from video frames. If an extracted video has a face, you can now right-click on a video frame and add it to the Faces section by selecting the “Detect face” option.

Updates in Oxygen Forensic® Viewer

We’ve added support for Project VIC files in Oxygen Forensic® Viewer. You can now:

  • Assign Project VIC categories to images in the Files section
  • Add Project VIC hash sets in the Hash Sets Manager
  • Customize Project VIC categories in the Options menu

Resolved issues

  • Telegram token from Google Chrome not saving with Oxygen Forensic® KeyScout
  • A section of the Oxygen Forensic® KeyScout interface displayed blank on macOS
  • No data collected from Opera browser by Oxygen Forensic® KeyScout
  • Android Agent extraction fails with unknown error 0xC0000002

Oxygen Forensic® Detective v.15.0

This version introduces the following key features:

  • Screen lock bypass for Xiaomi devices
  • Android Keystore extraction from Qualcomm-based Huawei devices
  • Semantic Location History parsing from Google Takeout
  • New tool for calls and messages analysis
  • Facial Categorization enhancements

Mobile Forensic Updates

Screen lock bypass for Xiaomi devices

In Oxygen Forensic® Detective v.15.0, we extend our support for Xiaomi devices with File-Based Encryption (FBE) by adding two more MTK chipsets: Helio G88 (MT6768) and Helio G90T (MT6785). Oxygen Forensic® Detective extracts hardware keys and allows you to either enter the known password or find it with the built-in brute force module. Supported devices include Xiaomi Redmi 10 Prime 2022, Xiaomi Redmi 10 Global, Xiaomi Redmi 10 Prime, and Xiaomi Redmi Note 8 Pro.

Android Keystore extraction from Qualcomm-based Huawei devices

We’ve added the ability to extract encryption keys from the Android Keystore from Huawei devices based on the Qualcomm chipsets: MSM8917, MSM8937, and MSM8940. To use this functionality, select the Huawei Qualcomm EDL method in the Oxygen Forensic® Device Extractor. With the extracted encryption keys, Oxygen Forensic® Detective can currently decrypt ProtonMail, Silent Phone, and Signal apps.

Kik Messenger extraction via Android Agent

Now you can quickly collect Kik Messenger contacts as well as private and group chats from any unlocked Android device using Android Agent. It can be installed on a device via USB, WiFi, or OTG device. Once the acquisition process is finished, the Android Agent extraction can be imported into Oxygen Forensic® Detective for review and analysis.

Redesigned SIM card extraction

In this software version, we’ve redesigned the SIM Card extraction method and now it is available in the new Oxygen Forensic® Device Extractor.

iOS selective extraction

We’ve enhanced the ability to selectively extract evidence from Apple iOS devices. Previously, selective extraction was available only for the TOP 30 apps. Now you can choose any installed app for extraction. This feature is available for the checkm8, SSH, and iOS Agent extraction methods.

App support 

Added Support

  • Temp Mail (iOS, Android)
  • Phone by Google (Android)
  • Huawei Notes (Android)
  • Calculator# (iOS)
  • Calculator+ (iOS)
  • Bigo Live (iOS)

The total number of supported app versions now exceeds 33,800.

Cloud Forensic Updates 

Updated Support

We’ve completely redesigned our support for Box, a popular file-sharing service. Now many new artifacts can be extracted:

  • Contacts
  • Collections
  • Tasks
  • Notifications
  • Notes
  • Sessions
  • Comments to files and notes

We’ve also updated the authorization algorithm for OnlyFans. Now the lists that the account owner follows can be extracted from Twitter.

Computer Artifacts

KeyScout Updates

With the updated Oxygen Forensic® KeyScout, you can collect the following new artifacts:

  • list of network connections from volatile memory (Windows)
  • list of loaded modules from volatile memory (Windows)
  • list of open files from volatile memory (Windows)
  • CryptnetURLCache (Windows)
  • WMI persistence (Windows)
  • Stage Manager (macOS 13)

Updated artifact support includes:

  • Microsoft Edge (Windows)
  • Tor Browser (Windows, macOS, and Linux)
  • Calendar, Reminders, Notes, System Events, User Activity (macOS 13)

Data Import

Brute force for Oppo device extractions

Passcode brute force is now available for extractions of Oppo devices based on the MT6765 chipset and having File-Based Encryption. Supported device models include Oppo A16, Oppo A16s, and Oppo A16K.

Semantic Location History parsing

There are two sources of location data in a Google Takeout: the Location History file and the Semantic Location History files created for every month.

Semantic Location History data can now be fully parsed by Oxygen Forensic® Detective when the Google Takeout file is imported. Semantic Location History files contain detailed information about the account owner’s visited locations and journeys.

Data Analysis

Comparison of call and message logs with CDR

Oxygen Forensic® Detective v.15.0 presents a new analysis tool – the ability to compare call and message logs extracted from a device with Call Data Records provided by mobile service providers.

This feature is useful in situations when calls or messages have been manually deleted from a device. Using this comparison tool, you can fill in the gaps and see the complete picture.

To perform the comparison, go to the Timeline section and select the “Compare call and message logs with call data records” option in the Smart Filters. Once you select the devices and CDRs for comparison, the software will show you calls and messages in one list, in chronological order.
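The comparison described above can be sketched as follows. This is an added example, not Oxygen Forensic® Detective code or its algorithm: the record fields, the last-10-digit number normalization, and the 30-second clock tolerance are assumptions, and the sample records are constructed.

```python
import re
from datetime import datetime, timedelta

# Constructed sample records (hypothetical field names, not a real case).
DEVICE_LOG = [
    {"time": "2023-01-10T09:15:02", "number": "+1 (555) 010-0001", "type": "call"},
    {"time": "2023-01-10T12:40:10", "number": "555-010-0002", "type": "sms"},
    {"time": "2023-01-10T20:00:00", "number": "555-010-0004", "type": "call"},
]
CDR = [
    {"time": "2023-01-10T09:15:00", "number": "15550100001", "type": "call"},
    {"time": "2023-01-10T10:02:30", "number": "15550100003", "type": "call"},
    {"time": "2023-01-10T12:40:08", "number": "15550100002", "type": "sms"},
    {"time": "2023-01-10T18:20:00", "number": "15550100001", "type": "sms"},
]

def norm(number, digits=10):
    """Strip formatting and keep the trailing digits so that local and
    international notations of the same number compare equal."""
    return re.sub(r"\D", "", number)[-digits:]

def parse(rec):
    return datetime.fromisoformat(rec["time"]), norm(rec["number"]), rec["type"]

def compare(device_log, cdr, tolerance=timedelta(seconds=30)):
    """Merge both sources into one chronological list, labelling each event
    'both', 'cdr_only' (absent from the device, possibly deleted) or
    'device_only' (absent from the provider records)."""
    dev = [parse(r) for r in device_log]
    used, timeline = set(), []
    for rec in cdr:
        t, n, k = parse(rec)
        # Nearest unused device entry with the same party and type, within
        # the tolerance that absorbs handset/provider clock differences.
        hits = [(abs(dt - t), i) for i, (dt, dn, dk) in enumerate(dev)
                if i not in used and dn == n and dk == k and abs(dt - t) <= tolerance]
        if hits:
            used.add(min(hits)[1])
            timeline.append((t, n, k, "both"))
        else:
            timeline.append((t, n, k, "cdr_only"))
    timeline += [e + ("device_only",) for i, e in enumerate(dev) if i not in used]
    return sorted(timeline)

def cdr_only(timeline):
    """Events the provider recorded that the device log does not contain."""
    return [e for e in timeline if e[3] == "cdr_only"]

if __name__ == "__main__":
    for t, n, k, src in compare(DEVICE_LOG, CDR):
        print(t.isoformat(), n, k, src)
```

A `cdr_only` entry is a lead to examine, not proof of deletion: the device log may simply not cover that period, and a tolerance that is too tight turns clock drift into false gaps.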

Facial Categorization updates

We’ve added two enhancements:

In the Files section, you can add a face from a video frame to a face set that can be used to search faces in extracted evidence.

We’ve added multi-threaded facial categorization using both CPU and GPU. You can choose the number of threads on the Advanced analytics tab in the software “Options” menu.

Search in the file metadata

You can now run a search in file metadata on the Text, Keywords, and RegExp tabs of the Search section. This option is also included in search templates.

Resolved issues

  • Error while trying to export realm db section
  • Import freezes during Thunderbird parsing (Windows)
  • Issues with iPhone XS and XR extraction via iOS Agent
  • Xiaomi Redmi 9C MediaTek MT6765G Helio G3 was extracted but not decrypted
  • .odb temporary files were not deleted from a temporary folder
  • AV error on opening the Plist Viewer
