Oxygen Forensic® Detective
In this section you can analyze contacts from multiple sources such as Phonebook, Messages, Social Networks and Messengers.
The section automatically reveals same people in different sources and groups them together in one meta-contact.
Oxygen Forensics has made a partnership with the MITRE Corporation to deliver the fastest extraction method for Android devices.
Rooting an Android device reveals the complete set of user data to the investigator.
Generally this procedure requires certain knowledge and research, but Oxygen Forensic® software helps experts to automate this operation.
Oxygen Forensic® software retrieves all vital application data from mobile devices running iOS, Android OS, BlackBerry 10, Windows Phone 8. The program is able to decrypt apps databases even if they securely encrypted.
Currently 410 unique applications and 5540+ app versions are supported.
Oxygen Forensic® products allow to import and parse data from various device backups and images created by sync software or other forensic products.
Calendar & Tasks
The Organizer section displays notes, tasks, and calendar entries created or synchronized by device user.
The set of sub-sections and their features depends on the seized device manufacturer and exact model.
Call Data Records
Oxygen Forensic® Call Data Expert is a forensic program that allows importing and analyzing CDR files (Call Data Records) received from mobile service providers regardless of the difference in their column formats and file layouts.
Oxygen Forensic® software allow to bypass screen lock passwords and create full physical dumps from Chinese chipset devices.
The current version supports all popular devices based on MediaTek (MTK) and Spreadtrum chipsets.
Cloud Data Extraction
Oxygen Forensic® Detective acquires data from more than 45 cloud sources: iCloud, Google, Microsoft, Huawei, E-Mail (IMAP) Server, various social media and cloud storages.
Data Scout retrieves subscriber data from any extracted phone number. It interacts with online lookup services to gather intelligence information of collected phone numbers from mobile device extractions.
Various data viewers help experts to analyze extracted data in a convenient way.
Oxygen Forensic® software has built-in HEX-viewer, picture viewer, music and video players, text viewer with code page converter, HTML, SQLite and Plist Viewers.
Device information section displays complete technical information about the device. This includes Manufacturer, Retail Model Name, Platform and its revision, IMEI, MAC addresses, IMSI, Serial Number, phone number and any other model specific data.
Dictionaries section shows all the words ever entered in device messages, notes and calendar.
These are not words from the device system dictionary, they are from unique user dictionary that is created by device owners when using it.
Oxygen Forensic® Detective currently offers the most verbose drone data parsing and analysis from physical dumps, drone logs and mobile applications.
Oxygen Forensic® Detective allows to decrypt and find passwords to encrypted backups and images.
Event Log section contains users’ voice communication: dialed, received and missed calls. Experts find here call time, duration and remote party. Recovering deleted calls is available for certain types of devices.
File Browser section is a powerful tool to access and analyze user photos, videos, documents and device databases.
Built-in text, hex, multimedia, SQLite, Plist viewers, Geo-location and EXIF extractors help experts to view files and their properties..
Web Connections section may reveal suspects’ visited places.
With Wi-Fi Connections list forensic experts are able to determine where and when suspect used Wi-Fi internet access (public or even private) and ascertain his location.
Global Search allows discovering user data in every section of the device.
Tool offers searching for text, phone numbers, emails, geo coordinates, IP addresses, MAC addresses, Credit Card numbers. Regular expressions library is available for more custom search.
Key Evidence section offers a clean, uncluttered view of evidence marked as essential by investigators.
Forensic specialists can mark certain items belonging to various sections as being essential evidence, then review them all at once regardless of their original location.
Links and Stats
Quickly reveal social connections between users of mobile devices under investigation and their contacts.
Links and Stats section provides a convenient tool to explore social connections between device users by analyzing calls and all types of communications in standard and third-party applications.
Locked Motorola devices acquisition
Oxygen Forensic® Detective introduces the breakthrough technology to extract data from password-locked Motorola devices running Android OS. This innovative approach covers the latest Motorola devices released after the year 2015, like Moto X Pure, Moto G 3rd gen and Moto G 5th gen.
Locked Samsung devices acquisition
Oxygen Forensic® Detective offers an advanced physical method for Samsung Android devices via forensic custom recovery function. The approach covers the latest Samsung devices based on Android OS. This creative method allows the examiner to bypass any screen lock password to create a full physical dump from supported devices.
Messages section contains users’ correspondence including SMS, MMS, Emails, iMessages and other depending on the device type. Recovering deleted messages is available for certain types of devices.
Oxygen Forensic® Maps
Oxygen Forensic® Detective acquires geo coordinates from all possible sources including: mobile devices, cloud storage, media cards, and imported images.Once analyzed, the data can be viewed within both online or offline maps.
Passwords section displays logins, passwords and tokens extracted from applications databases.
Password recovery is available for iOS, Android and Windows Phone 8 devices.
Phonebook section contains users’ contacts with all its data: name, occupation, phone numbers, addresses, emails, notes.
Depending on the device experts gain access to the private information of the contacts, like birthdays, relatives’ names and anniversaries.
Plist files, known as Property List XML Files, contain a lot of valuable forensic information in Apple devices. Browser history, Wi-Fi access points, speed dials, Bluetooth settings, global applications settings, Apple Store settings and even more data can be extracted from .plist files.
When it comes to solving a crime, reports are one of the most important things for the investigator. Popular file formats and ability to export or print the whole set of data or only important parts helps experts to show the result of their work in the best way.
Screen Lock Disabler
With locked devices being a top forensic problem we are doing our best to invent new methods to recover digital evidence even in the most challenging cases.
Social Graph visualizes complex connections inside crime groups.
This is a highly adjustable workplace that allows forensic experts to review connections between mobile device owners and their contacts, pinpoint connections between multiple device owners, and detect their common contacts.
Oxygen Forensic® software can detect spyware apps installed on Android and Apple devices, discover and process their logs and configuration files.
SQLite Viewer allows to explore the database files with the following extensions: .sqlite, .sqlite3, .sqlitedb, .db, .db3.
Experts have the access to the actual and deleted data stored in databases created by system and user applications.
Timeline allows to view all facts of mobile device usage in one sorted list.
This section organizes all calls, messages, calendar events, geo data and applications activities in chronological way, so you can easily follow the conversation history without the need to switch between different sections.
Oxygen Forensic® software can parse WebKit data from iOS and Android devices. WebKit is an engine that is widely used by mobile web browsers and other applications that display information using webpages. WebKit data usually stores emails from webmail interface and content of visited pages.