At Oxygen Forensics, we are set on making the work of our customers easier. This is why we have updated search profiles within Oxygen Forensic® KeyScout.
Search Profiles
Previously, three main search modes were available: Fast, Optimal, and Full. Users were able to edit each mode and save the final template as a custom search mode. Unfortunately, the data that was being extracted from each mode was not obvious from the description, and only search paths changed depending on the chosen mode. Furthermore, with the newly added features and search paths now included in Oxygen Forensic® Detective , we also updated the search modes.
In Oxygen Forensic® Detective v.15.3, we have updated search profiles within Oxygen Forensic® KeyScout.
Now the following search profiles are available by default:
- Applications, system artifacts, passwords, and tokens by default paths;
- All files, applications, system artifacts, passwords, tokens, and RAM data;
- Applications, system artifacts, passwords, and tokens by all paths;
- Only RAM data;
- All files by all paths;
- All documents and images from user directories.
Click on the arrow next to the profile’s name to view detailed information about the profile. Please note that only one profile can be selected.
Edit the Default Search Profiles
Any search profile can be edited or saved to the disk. To do this, click on the three dots next to the arrow and select the relevant option. Custom profiles can also be deleted from the list by clicking on the same icon.
To edit a profile, click on the icon with three dots next to the profile’s name and select “edit.” A new window will open. From there, you can adjust time zone, volume size, set roots included and excluded from the search, passwords, files, applications, system artifacts, and what data is extracted from the memory.
Several editing windows can be opened simultaneously, allowing to set several search profiles, copying and pasting relevant data if needed.
Options within “Applications,” “System artifacts,” and “Memory” tabs can be filtered by groups and platforms, allowing the more precise selection of data that is to be extracted. We have also enabled filtering by text, enabling faster detection of relevant and sought-after settings.
Click “Save” to save the edits. The updated profile will be saved as a custom search profile. If users do not name the new profile themselves, its name will consist of a number and the name of the original profile.
It is also possible to create a custom search profile by clicking on “Create profile” above the grid. The same window will open.
Import a Custom Search Profile
To import a search profile, select the “Load profile” option above the list of available search profiles, select a .yaml file that could be imported into Oxygen Forensic® KeyScout and click “Open.”
Custom search profiles are saved automatically and will be listed among default search profiles at every launch.
To initiate data extraction, select a search profile and then “Start search.”
Get more from Oxygen Forensic® Detective
At Oxygen Forensics our software is updated multiple times every year. We offer training courses and webinars that can help you learn the ins and outs of Oxygen Forensic® Detective and stay up to date on new features and tools needed for your investigation. Returning customer? Sign up for our newsletter to stay in the loop.
Don’t have Oxygen Forensic® Detective and want to try it out? Request a free-trial.