About Oxygen Forensic® Detective v.16 Updates.

June 04, 2024

Oxygen Forensic® Detective v.16 updates include new updates to analysis and analytic tools, KeyScout, Device Extractor, supported apps, expansion of cloud support, and more.

For a full list of updates, refer to the “What’s New” file in the Oxygen Forensic® Detective “Options” menu.

16.0 16.0.1 16.1 16.1.1 16.2 16.3

Oxygen Forensic® Detective v.16.3

Download PDF

 

This Oxygen Forensic® Detective update introduces the following key features:

  • Malware scan of extracted files
  • Analysis of custom-built drones
  • Import of X (Twitter) archives
  • Selective facial categorization
  • Support for MT6750 and MT6855 chipsets

General

Malware scan of extracted files

The ability to scan extracted files and email databases for malware is now available to all users at no additional charge.

Identifiable threats include:

  • Adspy
  • Backdoor
  • Constructor
  • Dialer
  • Dropper
  • Exploit
  • Heuristic
  • Phishing
  • Riskware
  • Trash
  • Trojware
  • Virware
  • Worm

After configuring the malware scan options in the Options section, you can initiate a malware scan in the Malware section of the selected extraction. The results will appear on the toolbar, displaying the scanned file status, identified threats, scan start time, and other relevant details.

Learn more about the malware scan →

Mobile Forensic Updates

Support for Snapdragon chipsets

We’ve added support for screen-locked Android devices based on the SDM665, SDM675, SDM730, and SDM855 chipsets. The list of supported devices includes many models released before 2020: Lenovo Z6 Pro, LG Q70, Sony Xperia 1, Xiaomi Mi A3, Xiaomi Redmi Note 7 Pro, Xiaomi Mi 9T, Xiaomi Mi 9, and many others.

Support for Omix and Reeder devices

Oxygen Forensic® Detective v.16.3 brings support for screen-locked Omix and Reeder devices based on the MTK and UNISOC chipsets.

New supported devices include:

  • Omix X7
  • Omix X5
  • Omix X700
  • Omix X600
  • Reeder P13 Blue Max
  • Reeder P13 Blue

View all supported models →

Support for the MT6750 and MT6855 chipsets

We’ve added support for screen-locked Android devices based on the MT6750 and MT6855 chipsets and running Android OS 10 and higher. This update covers 190 Android devices of various manufacturers.

Extraction of WhatsApp communities via Android Agent

Oxygen Forensic® Detective v.16.3 allows extraction of the communities from WhatsApp and WhatsApp Business via Android Agent. You can choose to extract all the communities or selected communities only.

Saving card memory dumps to E01

Now extracted physical dumps of memory cards can be saved to E01 format at the end of the extraction in Device Extractor.

Checkm8 method enhancements

Several enhancements have been made to this method:

  • Users can now switch directly into DFU if the iOS version is known, without switching a device to the Recovery Mode.
  • We’ve also added the instructions on how to switch a device into DFU using test points.

Cloud Forensic Updates

Steam extraction enhancements

We’ve made two significant enhancements:

  • Steam private and group chats can now be extracted.
  • Authorization by scanning a QR code is added.

Computer Artifacts

Search plain text files by file signatures

In certain cases extensions of plain text files might be deleted or altered by a user. Oxygen Forensic® Detective v.16.3 introduces two options how these files can be identified:

  1. Choose the “Select file type by content” box on the General tab of KeyScout.
  2. Alternatively you can select the File signature option for plain text files on the Files tab of KeyScout.

New artifacts

The following new computer artifacts are supported:

  • List of installed applications from NTUSER.dat file (Windows)
  • Information about packages installed by Pacman (GNU/Linux)
  • Supported applications from the Arch Linux distribution
  • Passwords from 1Password (Windows, macOS, GNU/Linux)
  • Passwords from DuckDuckGo (macOS)
  • Microsoft Defender (Windows)
  • Transmission Torrent client (Windows, macOS, GNU/Linux)
  • Microsoft Photos (Windows)
  • Microsoft Sticky Notes (Windows)
  • Apple Weather (macOS)
  • Spark installed from the App Store (macOS)
  • NordVPN installed from the App Store (macOS)
  • Facebook Messenger installed from the App Store (macOS)
  • Additional data from AnyDesk (Windows, macOS, GNU/Linux)
  • Additional data from Opera (Windows, macOS, GNU/Linux)

Drone Forensic Updates

Analysis of custom-built drones

PX4 Autopilot is an open-source flight control system oriented for drones and other uncrewed vehicles. Now you can analyze the flight history of custom-built drones based on the PX4 controller by importing their ULog logs in Oxygen Forensic® Detective. Parsed data will include the drone information, home points, global and GPS points, sensors data and journals.

Import

Import of X (Twitter) archives

Oxygen Forensic® Detective v.16.3 allows the import and parsing of X (Twitter)  archives that can be downloaded following official X instructions. Parsed data will include contacts, group messages, direct messages, deleted tweets, followers, following, blocked users, search history, and other categories.

Data Analysis Updates

Selective facial categorization

We’ve added a Facial Categorization Wizard that allows the selection of specific file folders for facial categorization. With customizable file filter criteria encompassing file types, specific folders, and file sizes, this feature significantly speeds up the processing of files through our facial categorization engine.

Translation module updates

The following languages have been added to our Translation module: Estonian, Hebrew, Latvian, Lithuanian, Nepali, Norwegian, Romanian, and Urdu. Overall, 27 languages are now supported.

Oxygen Forensic® Detective v.16.2

Download PDF

 

This Oxygen Forensic® Detective update introduces the following key features:

  • Enhanced support for UNISOC-based devices
  • Import of Apple Warrant Returns
  • Steam data extraction
  • Passcode brute force for 7-ZIP archives and iTunes backups
  • Preliminary data export

Mobile Forensic Updates

Enhanced support for UNISOC-based devices

Added support for screen-locked Samsung devices based on the Unisoc SC9863A chipset and running Android OS 10-13. We’ve also significantly accelerated data extraction from UNISOC-based Android devices. Our tests show extraction speeds 7-8 times faster than before.

View all supported device extraction methods →

Support for the MT6781 and MT6877 chipsets

Added support for two more Mediatek chipsets – MT6781 and МТ6877. You can extract hardware keys and decrypt physical dumps of screen-locked devices running Android OS 10 or higher. Supported models include Xiaomi Redmi Note 12S, Xiaomi Redmi Note 11S 4G, Xiaomi Redmi Note 12 Pro+, Realme 8i, Samsung Galaxy M53 5G, Samsung Galaxy Quantum 3, Samsung Galaxy A34 5G, and more.

View all supported device extraction methods →

Extended support for Qualcomm-based Samsung devices

Extract evidence from screen-locked Samsung devices based on the Qualcomm Snapdragon SDM845 chipset. Supported models include Samsung Galaxy Note 9, Samsung Galaxy S9 and Samsung Galaxy S9+.

View all supported device extraction methods →

Extraction of the second WhatsApp account via Android Agent

Extract second authorized account of WhatsApp or WhatsApp Business on an Android device using Android Agent. Evidence set will include contacts, calls, and chats.

Spoiler title

Extract full file system via checkm8 from iPads running iOS 16. The following models and iOS versions are supported:

  • iPad 7th gen: iOS 13.1 – 16.7.5
  • iPad 6th gen: iOS 13.0 – 16.7.5
  • iPad 5th gen: iOS 12.4 – 16.7.5

Cloud Forensic Updates

Steam cloud data extraction

Extract evidence from Steam, a video game digital distribution service, from the cloud via login/password or token. Supported artifacts include the account information, contacts, products, reviews, groups, group discussions, group events, group announcements, and group comments.

Learn more about Steam extraction →

Computer Artifacts

Passcode brute force module

Enhanced Oxygen Forensic® KeyDiver capabilities to find passcodes to:

  • encrypted iTunes backups
  • encrypted 7-ZIP archives

Attack methods can be created using a dictionary, mask, or a user’s personal data from an extraction.

Search by file signatures

Search Microsoft Office files by file signatures selecting this option in the Files tab of Oxygen Forensic® KeyScout. This feature might be useful when extensions of Microsoft Office files are altered or deleted by a user.

New artifacts

The following new computer artifacts are supported:

  • Steam (Windows, macOS, GNU/Linux)
  • BitTorrent (Windows)
  • 1Password (Windows, macOS, GNU/Linux)
  • Box Drive (Windows, macOS)
  • Box Tools (Windows, macOS)
  • Web version of Box (Windows, macOS, GNU/Linux)

Updated artifacts include:

  • Event log (Windows)
  • WhatsApp (mac-OS)

General

Enhanced Chats View

Enhancements  to the Chats View, focusing on improved visualization of forwarded and replied chats, as well as chat statuses and chat filtering. These enhancements are also included in the export of chats.

Import

Import of Apple Warrant Returns

Import and parse Apple Warrant Returns. Parsed data will include contacts, calendars, notes, messages, reminders, photos, iCloud Drive, Find My Friends, and other available data.

Other import updates

Import improvements include:

  • A separate import of Apple Keychain is now available. Parsed keychain data can be found in the Accounts and Passwords section as well as in the Applications section of Oxygen Forensic®
  • Import and parse VDI images of Android extractions.
  • Parsing of logical MD-Next extractions.

Export

Preliminary data export

Preliminary reports can be generated including the following data:

  • Device/case info
  • Categories and number of artifacts
  • Applications and number of artifacts for each application
  • First and last contacted contacts
  • Last communication by the owner
  • Last elements on the Timeline
  • Key Evidence data

To run this type of data export, right click on extraction in the device tree and choose the “Pre-export data” option. This feature might be useful if an investigator needs a basic report to kickstart an investigation or to compare the number of artifacts provided by different extraction methods.

Oxygen Forensic® Detective v.16.1.1

Download PDF

 

This Oxygen Forensic® Detective update introduces the following key features:

  • Support for Qualcomm Snapdragon 845/710 chipset
  • App extraction via Android Agent from Android OS 14 devices
  • Reddit cloud data extraction
  • Extraction of μTorrent data from Windows
  • Parsing of Weather, Files, and Alarms iOS apps

Mobile Forensic Updates

Support for the Qualcomm Snapdragon 845/710 chipset

Oxygen Forensic® Detective v.16.1.1 introduces support for the Qualcomm Snapdragon 845/710 chipset. You can extract data from screen-locked Android devices based on this chipset and running Android OS 7 or higher. Supported models include Google Pixel 3, HTC Exodus 1, LG Velvet 4G, LG G7 ThinQ, Motorola One Fusion, Nokia 9 PureView, OPPO Find X, Realme 3 Pro, Sony Xperia XZ2, Xiaomi Black Shark, Xiaomi Mi 8, ZTE Axon 9 Pro, and others.

View all supported device extraction methods →

Support for the MT6771 and МТ6873 chipsets

We added support for two more Mediatek chipsets – MT6771 and МТ6873. You can extract hardware keys and decrypt physical dumps of screen-locked Android devices that include the following models:  BQ 6430L Aurora, Gionee X50, Honor Play 4, Huawei Enjoy Z 5G, Nokia 5.1 Plus, OPPO Reno4 Z 5G, Philips S688, ZTE Blade 10 Prime, and more.

View all supported device extraction methods →

Enhanced Android Agent method

You can now extract app data via Android Agent from devices running Android OS 14.0. Android Agent can be installed on a device via USB, WiFi, or OTG device. Once the acquisition process is finished, the Android Agent extraction can be imported into Oxygen Forensic® Detective for review and analysis.

New App support

We added support for the 3 pre-installed iOS apps with the following categories:

  • Weather app:
    • Last location
    • Favorite places
    • Search results
    • Cache
  • Files app:
    • Folders
    • Files
    • Cache
  • Alarms app:
    • Alarms
    • Timers
    • Bedtime

Moreover, we have added data parsing of CapCut app for Android and Apple iOS devices. The total number of supported app versions now exceeds 45,200.

Cloud Forensic Updates

Reddit cloud data extraction

Now you can extract evidence from Reddit cloud via login/password or token. Supported artifacts include the account information, chats, posts, subreddits, notifications, reactions, comments, subscriptions, and blocked users.

Learn more about Reddit extraction →

Computer Artifacts

New artifacts

The following new computer artifacts are supported:

Updated artifacts include:

  • Facebook Messenger (Windows and macOS)
  • Microsoft Outlook (Windows)

We also added support for the new encryption algorithm of Viber (Windows).

General

Updated Translation module

We updated our Translation module and added support for 5 new languages: Turkish, Farsi, Polish, Ukrainian, and Belarusian. The Translation module is available at no additional charge to all the users.

Learn more about our translation module →

Oxygen Forensic® Detective v.16.1

Download PDF

 

This Oxygen Forensic® Detective update introduces the following key features

  • Passcode brute force for computer partitions and applications
  • Integrated translation tool
  • Import of Instagram account copy
  • Support for the UNISOC SC9863A chipset
  • Access to the WhatsApp QR Multi-Device service via phone number

General

Integrated translation tool

A new translation tool is now integrated into Oxygen Forensic® Detective, at no additional cost. It supports 20 language pairs and allows translation of messages in the Applications, Messages, and Timeline sections. Translated messages can be also exported to data reports.

Learn more about the Translation tool →

Mobile Forensic Updates

Support for the UNISOC SC9863A chipset

Support for the UNISOC SC9863A chipset was added. You can extract data from screen-locked Android devices based on this chipset and running Android OS 10-13. Supported models include Lenovo K13, Motorola Moto E6i, Motorola Moto E7i Power, Nokia C01 Plus, Nokia C12, Realme C30s, Samsung Galaxy A04, and ZTE Blade A31.

View all supported device extraction methods →

Support for the MT6893 and MT6853 chipsets

We’ve added support for two more Mediatek chipsets – MT6893 and MT6853. You can extract hardware keys and decrypt physical dumps of screen-locked Android devices that include the following models: Huawei Enjoy 20 5G, Huawei Nova 8 SE Standard, Motorola Edge 20 lite, OPPO K9 Pro 5G, Realme GT Neo 2T, Samsung Galaxy A32 5G, Samsung Galaxy Jump, Xiaomi 11T, and ZTE S30.

View all supported device extraction methods →

Enhanced Full File System extraction for Android devices

We updated our Full File System extraction method for Android devices and it is now compatible with devices that have the Security Patch Level (SPL) no later than October 2022.

Enhanced APK Downgrade method

The list of applications supported by the APK downgrade method has been extended. The following new apps have been added:  Baidu Browser, BBM, Like, Maxthon Browser, Opera, Puffin, Shareit, Snapchat, Tiktok, Truecaller, Tumblr, Zangi, Zello, and Zoom.

Moreover, you can now see the full list of supported apps in the initial window of the APK Downgrade method.

Extraction via iOS Agent for iPads

The new version enables you to extract the full file system and keychain via iOS Agent from iPads based on the A8 – A15, M1, and M2 chipsets and running iPadOS 15.0 – 15.7.3 and 16.1 – 16.5.

New App support

We added support for the following new apps:

  • Bitwarden (Android, Apple)
  • Trello (Android, Apple)
  • Message+ (Apple)

The total number of supported app versions now exceeds 44,300.

Import Updates

Import of Instagram account copy

Oxygen Forensic® Detective v.16.1 allows the import and parsing of Instagram data that can be downloaded following these instructions. Our software supports both HTML and JSON formats of Instagram account data files. Parsed data will include the account info, chats, followers, comments, likes, Threads account data, and many other available categories.

Learn more about Importing Instagram Account Copy →

Import of FFS extractions of MDF (MD-Next)

You can now import and parse logical FFS extractions of MDF (MD-Next) software.

Cloud Forensic Updates

Access to WhatsApp QR Multi-Device service via phone number

Previously, our software enabled access to the WhatsApp QR Multi-Device service by scanning a QR code or via token. Now you can also access it via phone number. Enter the phone number in the Cloud Extractor and insert the code in the WhatsApp app on a mobile device.

Facebook data extraction via iOS token

Now you can access Facebook cloud data via Facebook token extracted from an Apple iOS device.

Computer Artifacts

Passcode brute force module

A passcode brute force module, Oxygen Forensic® KeyDiver, is now available at no additional charge. With this module you can find passcodes to decrypt encrypted partitions, files, and applications:

  • partitions protected with BitLocker
  • partitions protected with FileVault 2
  • encrypted ZIP files
  • passcode-locked Telegram app
  • encrypted Apple Notes

The list of supported partitions and applications is ever-growing.

You can create an attack method using a dictionary, mask, or a user’s personal data from an extraction.

Learn more about Oxygen Forensic® KeyDiver →

Deleted data recovery from NTFS

We added the ability to recover deleted files from NTFS if KeyScout runs with the escalated privileges. To recover deleted data from partitions, select them in the Drives and partitions section of KeyScout.

Support for AFF4 and VHDX formats

You can now import and parse computer images of AFF4 and VHDX formats. For a VHDX format, snapshots are also supported.

New artifacts

The updated Oxygen Forensic® KeyScout enables users to collect the following new artifacts:

  • information about recently used applications, documents, servers, partitions, and other objects of macOS.
  • LibreOffice data from Windows, macOS, and GNU/Linux.
  • Exodus data from Windows, macOS, and GNU/Linux.
  • Todoist data from Windows, macOS, and GNU/Linux.
  • Stories of public channels and quoted messages from Telegram for macOS.
  • OneDrive data from Windows and macOS.
  • Slack data from Windows, macOS, and GNU/Linux.

Oxygen Forensic® Detective v.16.0.1

Download PDF

 

This Oxygen Forensic® Detective update introduces the following key features:

  • Public data extraction via iOS Agent
  • Extraction of iOS 17 devices
  • Decryption of VeraCrypt containers with key files
  • Updated support for WhatsApp QR Multi-Device cloud service
  • Export of contacts to VCF format

Mobile Forensic Updates

Extraction of public data via iOS Agent

You can now extract public data via iOS Agent from Apple iOS devices with versions 12 and higher. Public data includes device information, contacts, calendar events, photos, media files, and shared files. This method is recommended when full file and keychain extraction is not supported or cannot be done.

Other Extractor Updates

We added several enhancements to our extraction methods:

  • Added extraction of iOS 17 devices via iTunes backup procedure.
  • Extractions are now much easier with animated instructions incorporated in the checkm8 method.
  • Android KeyStore extraction is now supported for devices with pre-installed Android OS 13.
  • Updated ability to extract WhatsApp, WhatsApp Business, Discord, Viber, and Google Chrome data via Android Agent.
  • Using Android Agent, you can now re-extract data protected with a passcode if the first attempt fails.

New App support

We added support for the following new apps:

  • Bumble (Android, iOS)
  • Todoist (Android, iOS)
  • Samsung My Files (Android)
  • Gmail Go (Android)

The total number of supported app versions now exceeds 41,200.

Import Updates

Import and decryption of physical images

In Oxygen Forensic® Detective v.16.0.1, we added the following functionality:

  • Import and decryption of physical images of Honor 7S and Huawei Y5 devices.
  • Extraction of metadata from UFED extractions of CLBX format.

We also updated support for MTK-based devices having TEE T6.

Cloud Forensic Updates

In this release, we updated support for WhatsApp QR Mult-Device service and Huawei Cloud Data. Moreover, we added support for CAPTCHA for WhatsApp cloud.

Computer Artifacts

Decryption of VeraCrypt containers with key files

In Oxygen Forensic® Detective v.16.0.1, we added the following functionality:

  • Import and decryption of physical images of Honor 7S and Huawei Y5 devices.
  • Extraction of metadata from UFED extractions of CLBX format.

We also updated support for MTK-based devices having TEE T6.

Learn more about VeraCrypt support →

New artifacts

The updated Oxygen Forensic® KeyScout enables users to collect the following new artifacts:

  • IrfanView app from Windows
  • KMPlayer from Windows
  • Dropbox from GNU/Linux
  • The creation and modification dates of APFS partitions
  • The serial number of a macOS computer
  • The history of the user logins on macOS
  • Information about trusted documents and locations stored in MS Office apps
  • Information about documents printed with CUPS (Common UNIX Printing System) from macOS and GNU/Linux
  • Information about bookmarks and sessions of web browsers based on the Blink engine

Additionally, you can now  decrypt user passwords extracted from FileZilla Client as well as logins and passwords saved in the system VPN client.

Export Updates

We added several enhancements to the Export engine. Now contacts can be exported to VCF format. Moreover, .SMIL files are now excluded from reports.

Oxygen Forensic® Detective v.16

Download PDF

 

This Oxygen Forensic® Detective update introduces the following key features:

  • APK Downgrade support for Android OS 12 – 13
  • Decryption and extraction of VeraCrypt containers
  • Passcode brute force for Apple Notes and Briar app
  • Cloud extraction of Clubhouse, Bumble, and Google Messages
  • New categories in the Image Categorization engine

Mobile Forensic Updates

Support for Xiaomi Redmi devices

In Oxygen Forensic® Detective v.16.0, we added the ability to extract hardware keys and decrypt physical dumps of Xiaomi devices based on the Qualcomm SDM439 chipset. Xiaomi Redmi 7A, Xiaomi Redmi 8, and Xiaomi Redmi 8A devices running Android OS 7 or higher are now supported.

Extended support for UNISOC-based devices

We also added support for the devices based on the UNISOC T606, T616, T612, and T310 chipsets and running Android OS 10 – 13. Now you can extract hardware keys based on these chipsets to decrypt physical dumps of many HTC, Motorola, Nokia, Realme, ZTE, and other devices.

Learn more about UNISOC-based device support →

Enhanced APK Downgrade method

Our APK Downgrade method allows the extraction of popular apps by temporarily downgrading app versions so that they are included in the ADB backup. In Oxygen Forensic® Detective v.16.0, we added support for Android OS versions 12 and 13. Now you can extract data from many more Android devices using this method. With our support for WhatsApp, Instagram, Facebook, Twitter, and 40 other supported apps,  you will have access to much more critical evidence.

Learn more about APK Downgrade →

Samsung Browser extraction via Android Agent

Our APK Downgrade method allows the extraction of popular apps by temporarily downgrading app versions to include them in the ADB backup. In Oxygen Forensic® Detective v.16.0, we added support for Android OS versions 12 and 13. Now you can extract data from many more Android devices using this method. With our support for WhatsApp, Instagram, Facebook, Twitter, and 40 other supported apps,  you will have access to much more critical evidence.

Enhanced iOS Agent method

We significantly enhanced the ability to extract full file system and keychain via the iOS Agent. Now you can extract them from devices with iOS versions 14.6 – 14.8.1, 15.6 – 15.7.1, and 16.0 – 16.5.

Decryption of Apple Notes and Briar app

We added passcode brute force for encrypted Apple Notes and the Briar app.

If an Apple Note is encrypted, you can click the Enter passcode button on the toolbar of the Apple Notes section and brute force the passcode using our various available attacks.

You can now brute force the passcode for the Briar app installed on Android devices. This functionality is available in the Full File System extraction method.

New App support

We added support for the following new apps:

  • Threads (Android, iOS)
  • TikTok Lite (Android)
  • TanTan (Android, iOS)
  • 1Password (Android, iOS)

The total number of supported app versions now exceeds 40,000.

Import Updates

Image Import

In Oxygen Forensic® Detective v.16.0, we added the ability to import the following images:

  • Physical dumps of Xiaomi Redmi 7A/8/8A based on the Qualcomm SDM439 chipset
  • Physical dumps of the UNISOC T606/T616/T612, and T310 chipsets
  • XRY backups of versions 10.3.1 and newer

Additionally, you can now select artifacts to import and analyze from Oxygen Forensic® KeyScout extractions. This is a great time-saving feature as you do not need to import the whole extraction anymore.

Cloud Forensic Updates

Bumble data extraction

Bumble is another new service added in Oxygen Forensic® Detective v.16.0. Data extraction from this dating app is supported via phone number or token. Extracted evidence will include profile info, contacts, messages, and album photos.

Clubhouse data extraction

Launched in 2020, Clubhouse currently has over 10 million weekly active users. The latest Oxygen Forensic® Cloud Extractor enables data extraction from Clubhouse via phone number or token. The extracted data set includes account info, contacts, audio messages and replays, chats, notifications, and information about the houses.

Google Messages extraction

Now you can also extract Google Messages from the cloud. Use a token or scan a QR code with a mobile device to gain access to this cloud service. The evidence set will include information about the account owner, SIM cards, contacts, as well as private and group chats.

With this version, the total number of supported cloud services is now 105.

Computer Artifacts

Deleted files recovery

We added the ability to recover deleted files from FAT16, FAT32, and exFAT file systems. To do so, select the “Recover deleted files” option in the KeyScout Search settings,then, select drives and partitions where you want to recover deleted files.

Decryption of VeraCrypt containers

The updated Oxygen Forensic® KeyScout can now extract VeraCrypt encryption keys from Windows RAM. With a found VeraCrypt encryption key drive, partitions and separate file containers can be decrypted.

The key features of this functionality include:

  • Support for standard and hidden containers
  • Detection of drives, partitions, or file containers protected with VeraCrypt
  • Extraction of VeraCrypt encryption keys of any versions
  • Support for all 15 VeraCrypt encryption algorithms

In addition to VeraCrypt encryption keys, drives and partitions can be decrypted with a known password in Oxygen Forensic® KeyScout.

Learn more about VeraCrypt support →

New Artifacts

The updated Oxygen Forensic® KeyScout enables users to collect the following new artifacts:

  • Installed Homebrew packages from macOS
  • Shim Cache from Windows
  • The information about permissions that were given to applications on Windows
  • NordVPN from Windows, macOS, and GNU/Linux
  • PureVPN from Windows, macOS, and GNU/Linux
  • VLC Media Player from Windows, macOS, and GNU/Linux
  • A paid version of ViPole from Windows, macOS, and GNU/Linux
  • Telegram stories from macOS

Moreover, we added decryption of Viber databases from macOS and WhatsApp databases from Windows images.

Data Analytic Tools Updates

We enhanced our analytical sections with two features:

  • New categories are added to the Image Categorization section: medical, meme, offensive gesture, and schematic.
  • A new smart filter now allows showing events before and after those events marked with a particular tag in the Timeline section.

Get a 15-day free trial of Oxygen Forensic® Detective.

If your Country is not listed please contact sales@oxygenforensics.com

By submitting a form you are agreeing to our Privacy Policy.