Hard to believe that half the year is already up! Not only has our company been growing month after month but so has our software! Let’s take a look at the fantastic innovations brought to you in Oxygen Forensic® Detective these last six months.
This year alone we have added
support for 9 new cloud services, increasing the total
number of supported cloud services to 69! Our supported
services exceed those of any other forensic tool on the market.
Of note, we enhanced our
support for Apple iCloud services by offering the ability to acquire Apple
Health and Apple Maps data as well as all the logins, passwords, tokens and
other artifacts from the iCloud Keychain. Apple Health and Keychain data can also be
acquired directly from Apple iOS devices via logical extraction, while Apple
Maps can be retrieved only from jailbroken Apple iOS devices and GrayKey images.
Apple Maps extraction from iCloud is a fantastic alternative to direct device acquisition.
We have also added the world's
only current ability to extract account information, contacts, chats and calls
from the secure Wickr Me Messenger via a password or token that can be extracted by
our software both from mobile devices and from Windows computers. Wickr Me
extraction from the cloud is a great alternative to direct device data acquisition
as the Messenger data on mobile devices is heavily encrypted.
We also extended support for
travel apps this year and added data extraction from BlaBlaCar and Booking.com
services. Since BlaBlaCar drivers and users have already been victims of crimes
including murder, drug
trafficking, and many
extraction from this app was of great importance to our customers.
The full list of newly added cloud services can be found in
the Oxygen Forensic® Detective interface by going to Help > What’s New.
Computer Internet Artifacts and KeyScout
We continue to enhance our
Oxygen Forensic® KeyScout utility which is available at no
additional charge from the Tools menu of Oxygen Forensic® Detective.
Using KeyScout, investigators
now have the ability to extract history, bookmarks, autofill forms and cookies
from desktop web browsers including Google Chrome, Mozilla Firefox, and Microsoft
Please note that the collected data can be imported and viewed only in Oxygen Forensic® JetEngine.
We added the ability to use
several different search modes in KeyScout. Full and Optimal search modes offer
the ability to extract passwords and tokens from portable versions of web browsers
and other programs, and from programs with non-default installation paths, while Fast
search mode checks only the default paths.
To make it even better for
mobile forensic investigators, our Oxygen Forensic® KeyScout can now
find iTunes backups saved on the PC. Investigators should never dismiss iTunes
backups because they are often a great source of evidence. Even if the backup
is encrypted, we have investigators covered! Our powerful built-in decryption of not only
iTunes backups, but Android and more is included at no additional charge.
Finally, we added even more
app credential hunting using KeyScout. We now support My Parrot password, Wickr
Me token, Booking.com password, QR token from the latest WhatsApp and so many others.
Mobile device support
continues to be our bread and butter.
This year we have continued working on decryption algorithms that allow investigators
to decrypt Android physical dumps as well as many “secure” apps.
We introduced the ability to
extract hardware bound keys and decrypt physical images of the devices based on
MediaTek MT6737 chipset even if Secure Startup is enabled. Moreover, we have
added the ability to decrypt physical dumps with the known password for Android
devices based on Qualcomm Snapdragon MSM8909 chipset.
What’s more, we’ve added
support for new Qualcomm chipsets: MSM8909, MSM8916, MSM8952 and MSM8939. As of
June 2019, the total number of supported mobile devices exceeds 29,200!
We have also improved parsing
of the latest Huawei backups v.9.1 and HiSuite backups v.9.1. Do not overlook
these backups in your investigation because they contain a phenomenal amount of data that includes the
most popular applications and other content from the data/data folder.
This year we again lead in
application data parsing with the total amount of supported app versions
Thanks to the world-leading ability
to decrypt encryption keys from the Android KeyStore we were able to introduce
complete support for the secure Signal messenger from Android devices. Moreover,
we have implemented decryption of CoverMe and Telegram X Messengers. For the
full list of supported apps and artifacts go to Help > Supported
applications menu of Oxygen Forensic® Detective.
We have been supporting DJI
drones for some time, however this year we focused on the second market leader
– Parrot drones. Within 6 months we managed to introduce Parrot drone data extraction
from all possible sources. First, we have added the ability to analyze and
visualize the flight data of Parrot drones from flight logs obtained by
physical dumps or produced by the FreeFlight Pro mobile app. Second, we introduced
the industry’s only ability to extract detailed flight history from My Parrot
Cloud via login/password or token found in Apple iOS and Android devices. Third,
the data parsing from the FreeFlight 6 mobile app has been dramatically updated.
But the most significant UAS
improvement – now in Oxygen Forensic® JetEngine you can analyze extended
technical information about the drone flight that includes drone acceleration,
gyroscope, UAS temperature details and other data available in flight logs. Simply
amazing for any investigation.
JetEngine and fast data analysis
Last December we introduced our built-in Oxygen Forensic® JetEngine, a 64-bit forensic powerhouse that allows investigators to quickly parse volumes of data and leverage advanced analytical tools to quickly pinpoint evidence. Within the last 6 months it has grown into an unbelievably powerful tool with an enormous number of useful functions. Some notable additions include: the ability to view Files and Social Graph Sections for a case, the ability to import and parse numerous backups and images including UAS, enhanced Maps with the unique ability to play an animated route showing the direction of travel of the extracted geo coordinates, and some amazing new analytical diagrams of collected data.
To help investigators quickly
locate data in mobile device extractions we added a new OS Artifacts section
where investigators can find the following additional artifacts from Apple iOS
jailbroken devices: applications activity, process activity, battery usage,
lock state history, Siri activity, etc.
We have also made the
integration between Oxygen Forensic® Detective and Oxygen Forensic®
JetEngine much smoother. You can now export any Detective extraction to
JetEngine just by right-clicking in the device tree and choosing the Export
WHAT TO EXPECT IN THE SECOND PART OF THE YEAR?
Many more great features, including our facial recognition
and more. Remember, all these great features
and additions are available at no additional charge! Stay tuned!