About Oxygen Corporate Explorer v.1 Updates.

Now, once the Remote Device Collector is installed on the endpoint and its shortcut is created, it can be manually started anytime by the user. The user can connect a mobile device and extract data. In the previous version of the Remote Device Collector, device registration and data extraction were managed by the Admin only.

There are now two types of endpoint device registration. Previously, a mobile device could only be assigned to a particular endpoint. With this new version, the mobile device may have a Roaming status, allowing it to be extracted on any registered endpooint. The device registration status will be shown in the Hostname column in the Agent Management Center.

We added the ability to recover deleted files from FAT16, FAT32, and exFAT file systems. To do so, select the “Recover deleted files” option in the KeyScout Search settings, then select drives and partitions where you want to recover deleted files.

Oxygen Corporate KeyScout can now extract VeraCrypt encryption keys from Windows RAM. With a found VeraCrypt encryption key drive, partitions and separate file containers can be decrypted.

Key features of this functionality include:

• Support for standard and hidden containers
• Detection of drives, partitions, or file containers protected with VeraCrypt
• Extraction of VeraCrypt encryption keys of any versions
• Support for all 15 VeraCrypt encryption algorithms

In addition to VeraCrypt encryption keys, drives, and partitions can be decrypted with a known password in Oxygen Corporate KeyScout.

The updated Oxygen Corporate KeyScout enables users to collect the following new artifacts:

• Installed Homebrew packages from macOS
• Shim Cache from Windows
• The information about permissions that were given to applications on Windows
• NordVPN from Windows, macOS, and GNU/Linux
• PureVPN from Windows, macOS, and GNU/Linux
• VLC Media Player from Windows, macOS, and GNU/Linux
• A paid version of ViPole from Windows, macOS, and GNU/Linux
• Telegram stories from macOS

Moreover, we added decryption of Viber databases from macOS and WhatsApp databases from Windows images.

In Oxygen Corporate Explorer v.1.2, we added the ability to extract hardware keys and decrypt physical dumps of Xiaomi devices based on the Qualcomm SDM439 chipset. Xiaomi Redmi 7A, Xiaomi Redmi 8, and Xiaomi Redmi 8A devices running Android OS 7 or higher are now supported.

We also added support for the devices based on the UNISOC T606, T616, T612, and T310 chipsets and running Android OS 10 – 13. Now you can extract hardware keys to decrypt physical dumps of many HTC, Motorola, Nokia, Realme, ZTE, and other devices based on these chipsets.

Our APK Downgrade method allows extraction of popular apps by temporarily downgrading app versions so that they are included in the ADB backup. In Oxygen Corporate Explorer v.1.2, we added support for Android OS versions 12 and 13. You can extract data from many more Android devices using this method. With our support for WhatsApp, Instagram, Facebook, Twitter, and 40 other supported apps, you will have access to much more critical evidence.

You can now quickly collect Samsung Browser data from any unlocked Android device using our Android Agent. It can be installed on a device via USB, WiFi, or OTG device. Once the acquisition process is finished, the extraction can be imported into Oxygen Corporate Explorer for review and analysis. The evidence set will include saved logins, passwords, history, bookmarks, downloads, and other available data.

We significantly enhanced the ability to extract full file system and keychain via the iOS Agent. Now you can extract them from devices with iOS versions 14.6 – 14.8.1, 15.6 – 15.7.1, and 16.0 – 16.5.

We added support for the following new apps:

• Threads (Android, iOS)
• TikTok Lite (Android)
• TanTan (Android, iOS)
• 1Password (Android, iOS)

We also added passcode brute force for encrypted Apple Notes and the Briar app.

The total number of supported app versions now exceeds 40,000.

In Oxygen Corporate Explorer, we added the ability to import the following images:

• Physical dumps of Xiaomi Redmi 7A/8/8A based on the Qualcomm SDM439 chipset
• Physical dumps of the UNISOC T606/T616/T612, and T310 chipsets
• XRY backups of versions 10.3.1 and newer

Additionally, you can now select artifacts to import and analyze from Oxygen Corporate KeyScout extractions. This is a great time-saving feature as you do not need to import the whole extraction anymore.

The latest Oxygen Forensic^® Cloud Extractor enables data extraction from Clubhouse via phone number or token. The extracted data set includes account info, contacts, audio messages, replays, chats, notifications, and information about the houses.

Bumble is another new service added in Oxygen Corporate Explorer. Data extraction from this dating app is supported via phone number or token. Extracted evidence will include profile info, contacts, messages, and album photos.

Now you can also extract Google Messages from the cloud. Use a token or scan a QR code with a mobile device to gain access to this cloud service. The evidence set will include information about the account owner, SIM cards, contacts, as well as private and group chats.

We enhanced our analytical sections with two features:

• New categories have been added to the Image Categorization section: medical, meme, offensive gesture, and schematic.
• A new smart filter now allows showing events before and after those events marked with a particular tag in the Timeline section.

Ground breaking Remote Device Collector (RDC) is now available in the Agent ManagementCenter of Oxygen Corporate Explorer. You can now remotely connect any unlocked devicerunning Android OS 4 – 13 to our software and extract contacts, calls, messages, calendars, andmedia file information via Android Agent. Once the data is extracted, it can be seamlesslyimported in Oxygen Corporate Explorer for analysis and reporting. Now you can collect Androiddata quickly and efficiently, regardless of where the device is located.

Oxygen Corporate KeyScout enables users to collect the following new artifacts:

• Permissions given by macOS applications
• Background app activity from Windows
• History of recently opened files from Linux
• Secret DPAPI password from Windows
• ICQ data from Windows, macOS, and Linux
• FileZilla data from Windows, macOS, and Linux
• Spark data from Windows
• Discord data from Linux
• Discord cookies and messages from Windows and macOS

Updated artifact support includes:

• Data about network interfaces from Windows
• Event logs from Windows. Now data about VPN, BITS, and DPAPI can be collected
• Spark data from macOS

Oxygen Corporate Explorer offers extraction of hardware keys and decryption of Android devices based on the MT6833 chipset, having File-Based Encryption (FBE), and running Android OS 10-13. Our support covers Samsung, Xiaomi, Oppo, Realme, Vivo, and Motorola devices.

Additional Extractor updates

Our updated Oxygen Forensic^® Device Extractor introduces several additional enhancements:

• The ability to extract the full file system and keychain via checkm8 from Apple iOS devices with iOS version 15.7.7.
• Updated extraction via iOS Agent from iPhones running iOS versions 15.0 – 15.4.1.
• Updated Kik data extraction via Android Agent from unlocked Android devices.
• Updated data extraction via Android Agent from Huawei devices running HarmonyOS.

We added support for the following new apps:

• AWS Wickr (iOS, Android)
• Samsung Email (Android)
• Vivaldi Browser (Android)

In Oxygen Corporate Explorer, we included several enhancements for our analytical tools:

• Timeline: added a new smart filter. Now you can quickly filter and view the events that happened before and after the events marked with tags.
• Timeline: added the ability to filter by seconds, minutes, and hours in the time filter.
• Maps: added the Activity Matrix for geo coordinates. Now you can deeply analyze the geo location data and determine the peaks of user activity.

• Computer artifacts can be extracted from a live running system (Windows, macOS, Linux) and forensic disk image files (AD1, E01, L01, ZIP archives).
• Live system acquisition can be made remotely or locally by running Oxygen Corporate KeyScout on the targeted computer (Windows, macOS, Linux).
• You can collect the following:
  • System artifacts: USBSTOR, Shellbags, Prefetch, Jumplist, Task Scheduler, registry and event logs, macOS  file system events and preferences, and more.
  • User data from messengers, social media, storages, web browsers, and other apps such as: WhatsApp, Slack, Skype, Viber, Dropbox, Microsoft Teams, Outlook, iCloud Drive.
  • Capture volatile memory (RAM) and save it in RAW format compatible with Volatility and other memory analysis utilities.

• Utilize the credentials to quickly access and download cloud-based data within a specified time period.
• Extract evidence from a great variety of cloud services:
  • Messengers and social media: Slack, WhatsApp, Telegram, Viber, Zoom, LinkedIn, Chatwork, Flock, Teams, and others.
  • Emails: Mail (IMAP), Google Mail, Outlook Mail, Secmail.
  • Storages: Dropbox, Amazon EC2,  Amazon S3, iCloud, OneDrive, Google Drive, Box, MEGA, and more.
  • Business such as: Evernote, Apple Calendar, Safari, Google Tasks, Google Calendars.

• Run fast and targeted data collections from unlocked iPhones, iPads, and various Android devices to extract contacts, communications, event history, locations, deleted records, and more.
• Utilize advanced screen lock bypass methods for Samsung, Huawei, Xiaomi, Motorola, Oppo,  and other Android-powered devices.
• Import and parse device backups (iTunes, Samsung, Huawei) and other third-party mobile images.
• Decrypt data from secure apps and device storages including Apple Notes, Wickr, Signal, Vault apps, Huawei PrivateSpace, Samsung Secure Folder, and others.

• Analyze computer, mobile, and cloud extractions in one case.
• Track down the timeline of events and gain quick insights into the user statistics.
• Determine social connections between contacts.
• Run facial and image categorization, and Optical Character Recognition.
• Visualize visited and common locations on the map.
• Search artifacts in extracted data by various criteria.
• Export data to various file formats compatible with other tools.