About Oxygen Forensic® Detective v.16 Updates.

You can now extract public data via iOS Agent from Apple iOS devices with versions 12 and higher. Public data includes device information, contacts, calendar events, photos, media files, and shared files. This method is recommended when full file and keychain extraction is not supported or cannot be done.

We added several enhancements to our extraction methods:

• Added extraction of iOS 17 devices via iTunes backup procedure.
• Extractions are now much easier with animated instructions incorporated in the checkm8 method.
• Android KeyStore extraction is now supported for devices with pre-installed Android OS 13.
• Updated ability to extract WhatsApp, WhatsApp Business, Discord, Viber, and Google Chrome data via Android Agent.
• Using Android Agent, you can now re-extract data protected with a passcode if the first attempt fails.

We added support for the following new apps:

• Bumble (Android, iOS)
• Todoist (Android, iOS)
• Samsung My Files (Android)
• Gmail Go (Android)

The total number of supported app versions now exceeds 41,200.

In Oxygen Forensic^® Detective v.16.0.1, we added the following functionality:

• Import and decryption of physical images of Honor 7S and Huawei Y5 devices.
• Extraction of metadata from UFED extractions of CLBX format.

We also updated support for MTK-based devices having TEE T6.

In Oxygen Forensic^® Detective v.16.0.1, we added the following functionality:

• Import and decryption of physical images of Honor 7S and Huawei Y5 devices.
• Extraction of metadata from UFED extractions of CLBX format.

We also updated support for MTK-based devices having TEE T6.

The updated Oxygen Forensic^® KeyScout enables users to collect the following new artifacts:

• IrfanView app from Windows
• KMPlayer from Windows
• Dropbox from GNU/Linux
• The creation and modification dates of APFS partitions
• The serial number of a macOS computer
• The history of the user logins on macOS
• Information about trusted documents and locations stored in MS Office apps
• Information about documents printed with CUPS (Common UNIX Printing System) from macOS and GNU/Linux
• Information about bookmarks and sessions of web browsers based on the Blink engine

Additionally, you can now  decrypt user passwords extracted from FileZilla Client as well as logins and passwords saved in the system VPN client.

In Oxygen Forensic^® Detective v.16.0, we added the ability to extract hardware keys and decrypt physical dumps of Xiaomi devices based on the Qualcomm SDM439 chipset. Xiaomi Redmi 7A, Xiaomi Redmi 8, and Xiaomi Redmi 8A devices running Android OS 7 or higher are now supported.

We also added support for the devices based on the UNISOC T606, T616, T612, and T310 chipsets and running Android OS 10 – 13. Now you can extract hardware keys based on these chipsets to decrypt physical dumps of many HTC, Motorola, Nokia, Realme, ZTE, and other devices.

Our APK Downgrade method allows the extraction of popular apps by temporarily downgrading app versions so that they are included in the ADB backup. In Oxygen Forensic^® Detective v.16.0, we added support for Android OS versions 12 and 13. Now you can extract data from many more Android devices using this method. With our support for WhatsApp, Instagram, Facebook, Twitter, and 40 other supported apps,  you will have access to much more critical evidence.

Our APK Downgrade method allows the extraction of popular apps by temporarily downgrading app versions to include them in the ADB backup. In Oxygen Forensic^® Detective v.16.0, we added support for Android OS versions 12 and 13. Now you can extract data from many more Android devices using this method. With our support for WhatsApp, Instagram, Facebook, Twitter, and 40 other supported apps,  you will have access to much more critical evidence.

We significantly enhanced the ability to extract full file system and keychain via the iOS Agent. Now you can extract them from devices with iOS versions 14.6 – 14.8.1, 15.6 – 15.7.1, and 16.0 – 16.5.

We added passcode brute force for encrypted Apple Notes and the Briar app.

If an Apple Note is encrypted, you can click the Enter passcode button on the toolbar of the Apple Notes section and brute force the passcode using our various available attacks.

You can now brute force the passcode for the Briar app installed on Android devices. This functionality is available in the Full File System extraction method.

We added support for the following new apps:

• Threads (Android, iOS)
• TikTok Lite (Android)
• TanTan (Android, iOS)
• 1Password (Android, iOS)

The total number of supported app versions now exceeds 40,000.

In Oxygen Forensic^® Detective v.16.0, we added the ability to import the following images:

• Physical dumps of Xiaomi Redmi 7A/8/8A based on the Qualcomm SDM439 chipset
• Physical dumps of the UNISOC T606/T616/T612, and T310 chipsets
• XRY backups of versions 10.3.1 and newer

Additionally, you can now select artifacts to import and analyze from Oxygen Forensic^® KeyScout extractions. This is a great time-saving feature as you do not need to import the whole extraction anymore.

Bumble is another new service added in Oxygen Forensic^® Detective v.16.0. Data extraction from this dating app is supported via phone number or token. Extracted evidence will include profile info, contacts, messages, and album photos.

Launched in 2020, Clubhouse currently has over 10 million weekly active users. The latest Oxygen Forensic^® Cloud Extractor enables data extraction from Clubhouse via phone number or token. The extracted data set includes account info, contacts, audio messages and replays, chats, notifications, and information about the houses.

Now you can also extract Google Messages from the cloud. Use a token or scan a QR code with a mobile device to gain access to this cloud service. The evidence set will include information about the account owner, SIM cards, contacts, as well as private and group chats.

With this version, the total number of supported cloud services is now 105.

We added the ability to recover deleted files from FAT16, FAT32, and exFAT file systems. To do so, select the “Recover deleted files” option in the KeyScout Search settings,then, select drives and partitions where you want to recover deleted files.

The updated Oxygen Forensic^® KeyScout can now extract VeraCrypt encryption keys from Windows RAM. With a found VeraCrypt encryption key drive, partitions and separate file containers can be decrypted.

The key features of this functionality include:

• Support for standard and hidden containers
• Detection of drives, partitions, or file containers protected with VeraCrypt
• Extraction of VeraCrypt encryption keys of any versions
• Support for all 15 VeraCrypt encryption algorithms

In addition to VeraCrypt encryption keys, drives and partitions can be decrypted with a known password in Oxygen Forensic^® KeyScout.

The updated Oxygen Forensic^® KeyScout enables users to collect the following new artifacts:

• Installed Homebrew packages from macOS
• Shim Cache from Windows
• The information about permissions that were given to applications on Windows
• NordVPN from Windows, macOS, and GNU/Linux
• PureVPN from Windows, macOS, and GNU/Linux
• VLC Media Player from Windows, macOS, and GNU/Linux
• A paid version of ViPole from Windows, macOS, and GNU/Linux
• Telegram stories from macOS

Moreover, we added decryption of Viber databases from macOS and WhatsApp databases from Windows images.