Oxygen Forensic® KeyScout helps collect computer artifacts for both corporate and criminal investigations. KeyScout is compatible with Windows, macOS, and Linux. Extract, import, and analyze computer artifacts to gain more insight into employee and criminal activity. KeyScout is available with an Oxygen Forensic® Detective license.
Oxygen Forensic® KeyScout is a portable utility that extracts system files, user data and credentials enabling fast data collection for computers running Windows, macOS and Linux OS. This application is included within the Oxygen Forensic® Detective at no additional charge. The current version allows investigators to collect data on live computer systems, as well as parse computer images. The KeyScout also extracts the list of Wi-Fi connections and locates iTunes, Samsung and Huawei backups that can be imported into Oxygen Forensic® Detective. KeyScout can be used for both criminal and corporate cases that include:
- Fast evidence extraction on live running system
- Collection of credentials for cloud data extraction
- Incident responses
- Tracking the history of malware infection
- Investigations of employee misconduct
The KeyScout interface is intuitive, making it easy to navigate for even novice users of Oxygen Forensic® products. Let’s take a closer look at all the functions included in the software.
Credentials collection
Extract and decrypt a vast range of passwords and tokens from web browsers, apps, and other storages. Import these credentials as OCPK f iles into the built-in Oxygen Forensic® Cloud Extractor and extract data from over 100 cloud services. Learn more about cloud extraction.
User data extraction
Recover and decrypt user data from various desktop apps, including messengers, web browsers, email clients, preinstalled Apple apps, and other sources. Import the collected user data as an ODB backup into Oxygen Forensic® Detective to view and analyze it.
System files collection
With Oxygen Forensic® KeyScout, investigators can recover valuable insights into computer usage by collecting all important system files on Windows and macOS that include Jump Lists, Shellbags, Prefetch, Amcache, ActivitiesCache, USBSTOR, Quarantine Events, FSEvents files and many others. These files will help investigators determine the user’s recent interactions with the computer, as well as help track the folder browsing history, recent downloads, and the history of USB connected devices.
Image parsing
Investigators can import and parse various computer images: E01, EX01, L01, LX01, AD1, .zip, .7z, .rar, .tar logical images, .raw, .dmg, .iso physical images as well as images of virtual machines and Time Machine macOS backups. The evidence set will include user data and credentials from the most popular messengers, email clients, and web browsers.
RAM Capture
Oxygen Forensic® KeyScout also offers the ability to capture RAM and saves it to Raw format for further analysis. It has the smallest footprint possible and does not require installation. The utility is compatible with Windows 10. Learn more about RAM capture with KeyScout.
Advanced analytics
Once the collected data is imported into Oxygen Forensic® Detective, investigators can merge it with their extractions and analyze it within our built-in analytics sections. These sections include Timeline, Statistics, Social Graph, Image Categorization, OCR, Facial Recognition. Key Evidence, and Search. To complete, the Oxygen Forensic® Detective interface enables users to generate their own detailed, customized reports. Learn more about analytic tools in Oxygen Forensic® Detective.
Learn about all the current updates and capabilities.