Top 10 Analytic Tools Available in Oxygen Forensic® Detective.

May 22, 2024

Digital forensic analytic tools are important for investigators due to the increasing use of computers and mobile devices by offenders when committing crimes.

Analytic tools are useful in helping put the pieces of a case together while providing an in-depth analysis and examination that can be used in court proceedings.

Analytic tools available in Oxygen Forensic® Detective

At Oxygen Forensics we saw the benefit of providing software that not only offered the ability to extract data from digital devices but also provided integrated analytic tools.

In 2010, we introduced Timeline, our first analytic tool. Today we offer 10 analytic tools at no additional cost.

Timeline

  • Events
  • Geo Location
  • Filter
  • Activity Matrix
  • Smart Filters

Go to this section →

Social Graph

  • Contacts
  • Drag and Drop Feature
  • Contact Paths

Go to this section →

Image Categorization
Facial Categorization
Key Evidence

  • Bookmark
  • Tags
  • Create Tags

Go to this section →

Optical Character Recognition
*New* Translation module

Timeline

Our Timeline section provides a view of all device events in a single list. The Timeline tool allows investigators to view events and geo coordinates, filter data, and track activity through the activity matrix.

Learn how to use this feature →

Events

Events that can be viewed include:

  • Chats within apps
  • Calls
  • Web activity
  • Web connections
  • Photos
  • Videos
  • Calendar events

Events can be viewed for one device or a group of devices, allowing easy identification of common group activities.

Geo Location

The Geo locations tab contains the full list of geo coordinates from all the sources that include photos, videos, apps, drone flight logs, and more.

Filter

Sort and filter by date, time, activity frequency, contact, remote party, or other data points to focus only on the most relevant data.

Activity Matrix

In addition, the Activity matrix helps to detect when the device was most used.

Smart Filters

This feature is designed to make investigations more efficient and insightful by offering a variety of intuitive filters which helps narrow Timeline searches.

The Oxygen Forensic® Detective analytic tool, Timeline, being used to view events on mobile devices.

Social Graph

The built-in Social Graph provides a convenient platform to explore social connections between a device owner, contacts, or between devices.

Learn how to use the Social Graph tool →

Contacts

Using the Social Graph, investigators can identify the device owners’ closest contacts in one  click. Click on any contact to open a card containing detailed information about the selected contact and all communications across device sources.

Drag and Drop

The Social Graph interface is dynamic and agile. Investigators can drag and drop to move, hide, or merge contacts while producing a crystal clear view of device and case connections.

Define Contact Paths

It is also possible to define the shortest path between selected contacts. This capability allows investigators to visually see that the device owner did not speak directly to someone, but spoke to a contact, who spoke to another, and then spoke to the identified target.

Social Graph, tool offered in Oxygen Forensic® Detective, being used to identify contacts and the messages that were sent with the device.

Image Categorization

Oxygen Forensic® Detective provides the ability to categorize images from different classes:

  • Aircraft
  • Alcohol
  • Chat
  • Child abuse
  • Credit cards
  • Currency
  • Documents
  • Drugs
  • Extremism
  • Gambling
  • Graphic violence
  • ID
  • Maps
  • Medical
  • Meme
  • Nudity
  • Offensive gesture
  • Pornography
  • QR / Barcodes
  • Schematic
  • Tattoos
  • Vehicles
  • Weapons

Our Image Categorization tool is available when importing device data and also on previously-imported extractions.

Screenshot of all the images that are tagged as a weapons category in image categorization

Facial Categorization

Oxygen Forensic® Detective offers investigators the ability to categorize human faces with the facial categorization tool.

The facial categorization tool is available in the Faces section. The unique features include:

  • Detailed face analytics (gender, age, accessories)
  • Detecting similar faces and “familiar with” people
  • Multi-thread categorization using CPU and GPU
  • Support for massive volumes of data

When investigators use this tool, they will save valuable time when looking through thousands of photos or videos in mobile, cloud, or drone extractions.

Learn how to use Facial Categorization tool →

Using the Facial Categorization tool to identify faces in a devices photos

Maps

Oxygen Forensic® Detective acquires geo coordinates from all possible sources including mobile devices, drones, cloud storage, media cards, and imported images.

Once analyzed, the data can be viewed within our Maps, either online or offline.

The Maps module includes the ability to:

  • Identify a device’s frequently visited places
  • Pinpoint common locations of several devices
  • Visualize a device’s movements within specific periods of time
  • Play an animated route showing the direction of travel
  • Analyze geo activity on the Activity Matrix

Learn more about our Maps tool →

 

Using the Maps forensic tool to get the locations where the offender used the device

Data Search

Oxygen Forensic® Detective allows investigators to search across a single device, all the devices in a case, or all the devices in a database.

Investigators can search by:

  • Texts
  • Phone numbers
  • Email addresses
  • Geo-coordinates
  • IP addresses
  • MAC addresses
  • Credit card numbers
  • File hashes including Project VIC
  • Hex lists
  • Regular expressions
  • Keywords
  • Face sets

Moreover, there are  four (4) ways a search can be done: in parsed data, in files, in file metadata, and in file content such as SQLite databases.

Learn more about Data Search tool →

 

Window of the forensic analytic tool, Data Search, offered in Oxygen Forensic® Detective, that allows investigators to search across a device

Key Evidence

The Key Evidence section displays all records that have been bookmarked in other sections by the investigator. This section is where all entries identified as relevant to a case are found, making data analysis easier and saving valuable time.

Bookmark

Investigators can bookmark important evidence in a single device, or several devices, and export it later to one data report.

Tags

Oxygen Forensic® Detective also offers a number of predefined tags, including: nudity, weapon, guns, important, and several others.

Create Tags

Investigators can also create and set their own tags and export entries to data reports by  simply selecting the relevant tags.

Learn more about how to tag Key Evidence →

Function in Oxygen Forensic® Detective that allows investigators to extract data from a device and tag or bookmark the data that is considered key evidence

Optical Character Recognition

Optical Character Recognition (OCR) automatically identifies typed, handwritten, or printed text located within an image and converts it into machine-encoded text. Whether it’s from a scanned document, a photo of a document, a screenshot of a conversation, or an image with subtitles, it can be converted into text.

Using the built-in automated OCR module, investigators can easily conduct searches for words located in images. This is done by converting images containing text to allow for recognizable searchable characters.

This feature is an incredible time-saver, as investigators no longer need to manually search image data for possible evidentiary material. The OCR tool becomes even more useful when dealing with large backups, taking little time to recognize and convert all text from images and screenshots on the device.

Learn more about the OCR module →

 

Oxygen Forensic® Detective window with the OCR section

Statistics

Oxygen Forensic® Detective offers investigators a Statistics section that shows detailed statistics about the extraction:

  • Activity chart
  • Activity matrix
  • Top 10 applications with the greatest number of communications
  • Top 10 groups
  • Top 10 contacts
  • First contacted
  • Last contacted
  • Key Evidence with tags and notes

 

Learn how to use the Statistic module →

 

Statistics that allows investigators to view statistics across all groups, applications, and contacts

Translation module

The Translation module is our latest addition and is available at no additional charge. To start using it, go to your Customer Area, download the Oxygen TextTranslate add-on and install it. Once you’ve installed it, it works off-line, so there’s no need to have internet access to use it. The list of supported languages will appear in the Options/Translations menu of Oxygen Forensic® Detective.

The following languages are supported:

  • Arabic
  • Belorussian
  • Bengali
  • Chinese Simplified
  • Chinese Traditional
  • Dutch
  • English
  • Farsi
  • French
  • German
  • Hindi
  • Italian
  • Polish
  • Portuguese
  • Russian
  • Spanish
  • Turkish
  • Ukrainian
  • Vietnamese

Translations can be done in the Messages, Timeline, and Applications sections.

Learn more about the Translation module →

Screenshot of using the Translation tool to translate extracted digital data available in Oxygen Forensic Detective

 

Get started.