Oxygen Forensic® Detective v.16
This version introduces the following key features:
- APK Downgrade support for Android OS 12 – 13
- Decryption and extraction of VeraCrypt containers
- Passcode brute force for Apple Notes and Briar app
- Cloud extraction of Clubhouse, Bumble, and Google Messages
- New categories in the Image Categorization engine
Mobile Forensic Updates
In Oxygen Forensic® Detective v.16.0, we added the ability to extract hardware keys and decrypt physical dumps of Xiaomi devices based on the Qualcomm SDM439 chipset. Xiaomi Redmi 7A, Xiaomi Redmi 8, and Xiaomi Redmi 8A devices running Android OS 7 or higher are now supported.
We also added support for the devices based on the UNISOC T606, T616, T612, and T310 chipsets and running Android OS 10 – 13. Now you can extract hardware keys based on these chipsets to decrypt physical dumps of many HTC, Motorola, Nokia, Realme, ZTE, and other devices.
Our APK Downgrade method allows the extraction of popular apps by temporarily downgrading app versions so that they are included in the ADB backup. In Oxygen Forensic® Detective v.16.0, we added support for Android OS versions 12 and 13. Now you can extract data from many more Android devices using this method. With our support for WhatsApp, Instagram, Facebook, Twitter, and 40 other supported apps, you will have access to much more critical evidence.
Our APK Downgrade method allows the extraction of popular apps by temporarily downgrading app versions to include them in the ADB backup. In Oxygen Forensic® Detective v.16.0, we added support for Android OS versions 12 and 13. Now you can extract data from many more Android devices using this method. With our support for WhatsApp, Instagram, Facebook, Twitter, and 40 other supported apps, you will have access to much more critical evidence.
We significantly enhanced the ability to extract full file system and keychain via the iOS Agent. Now you can extract them from devices with iOS versions 14.6 – 14.8.1, 15.6 – 15.7.1, and 16.0 – 16.5.
We added passcode brute force for encrypted Apple Notes and the Briar app.
If an Apple Note is encrypted, you can click the Enter passcode button on the toolbar of the Apple Notes section and brute force the passcode using our various available attacks.
You can now brute force the passcode for the Briar app installed on Android devices. This functionality is available in the Full File System extraction method.
We added support for the following new apps:
- Threads (Android, iOS)
- TikTok Lite (Android)
- TanTan (Android, iOS)
- 1Password (Android, iOS)
The total number of supported app versions now exceeds 40,000.
In Oxygen Forensic® Detective v.16.0, we added the ability to import the following images:
- Physical dumps of Xiaomi Redmi 7A/8/8A based on the Qualcomm SDM439 chipset
- Physical dumps of the UNISOC T606/T616/T612, and T310 chipsets
- XRY backups of versions 10.3.1 and newer
Additionally, you can now select artifacts to import and analyze from Oxygen Forensic® KeyScout extractions. This is a great time-saving feature as you do not need to import the whole extraction anymore.
Cloud Forensic Updates
Bumble is another new service added in Oxygen Forensic® Detective v.16.0. Data extraction from this dating app is supported via phone number or token. Extracted evidence will include profile info, contacts, messages, and album photos.
Launched in 2020, Clubhouse currently has over 10 million weekly active users. The latest Oxygen Forensic® Cloud Extractor enables data extraction from Clubhouse via phone number or token. The extracted data set includes account info, contacts, audio messages and replays, chats, notifications, and information about the houses.
Now you can also extract Google Messages from the cloud. Use a token or scan a QR code with a mobile device to gain access to this cloud service. The evidence set will include information about the account owner, SIM cards, contacts, as well as private and group chats.
With this version, the total number of supported cloud services is now 105.
We added the ability to recover deleted files from FAT16, FAT32, and exFAT file systems. To do so, select the “Recover deleted files” option in the KeyScout Search settings,then, select drives and partitions where you want to recover deleted files.
The updated Oxygen Forensic® KeyScout can now extract VeraCrypt encryption keys from Windows RAM. With a found VeraCrypt encryption key drive, partitions and separate file containers can be decrypted.
The key features of this functionality include:
- Support for standard and hidden containers
- Detection of drives, partitions, or file containers protected with VeraCrypt
- Extraction of VeraCrypt encryption keys of any versions
- Support for all 15 VeraCrypt encryption algorithms
In addition to VeraCrypt encryption keys, drives and partitions can be decrypted with a known password in Oxygen Forensic® KeyScout.
The updated Oxygen Forensic® KeyScout enables users to collect the following new artifacts:
- Installed Homebrew packages from macOS
- Shim Cache from Windows
- The information about permissions that were given to applications on Windows
- NordVPN from Windows, macOS, and GNU/Linux
- PureVPN from Windows, macOS, and GNU/Linux
- VLC Media Player from Windows, macOS, and GNU/Linux
- A paid version of ViPole from Windows, macOS, and GNU/Linux
- Telegram stories from macOS
Moreover, we added decryption of Viber databases from macOS and WhatsApp databases from Windows images.
Data Analytic Tools Updates
We enhanced our analytical sections with two features:
- New categories are added to the Image Categorization section: medical, meme, offensive gesture, and schematic.
- A new smart filter now allows showing events before and after those events marked with a particular tag in the Timeline section.
Interested in Oxygen Forensic® Detective? Get a 15-day free trial.