Oxygen Forensic Detective
Home » Mobile Forensics » Software »
Founded in 2000, Oxygen Forensics has provided solutions in the mobile forensics market since the beginning of our mobile-connected world. Nowadays Oxygen Forensics is the leading global digital forensics software provider, giving law enforcement, federal agencies, and enterprises access to critical data and insights faster than ever before. Specializing in mobile devices, cloud, drones and IoT data, Oxygen Forensics provides the most advanced digital forensic data extraction and analytical tools for criminal and corporate investigations.
Advanced Software To Extract Data From Multiple Sources
- Finds passwords to encrypted device backups and images
- Bypasses screen lock on popular Android OS devices
- Acquires data from cloud services and storages
- Extracts flight history and media files from drones
- Acquires data from IoT devices and smartwatches
- Collects user data on Windows, MacOS and Linux PCs
- Supports import and analysis of call data records
- Offers built-in facial and image recognition
- Provides social links analysis and Timeline view
Try Oxygen Forensic Detective Free for 30 Days
This trial version includes all of the features and functionality of the full, paid version. However, reports generated will feature a “Demo Version” watermark.
Oxygen Forensic Detective Features
Mobile Devices
Oxygen Forensic® Detective offers data extraction from iOS, Android devices, feature phones, media, and SIM cards. Because time is always of importance, simultaneous acquisition of several devices is available and exclusive to Oxygen Forensic Detective. Oxygen Forensic® Detective imports numerous backups and images, including iTunes, Android backups, GrayKey, JTAG, Chip-off, UFED, XRY images, and more. Oxygen Forensic® Detective uses proprietary methods to bypass or disable screen locks on mobile devices, including Samsung, LG, Motorola, as well as devices based on MTK, Spreadtrum or Qualcomm chipsets. The built-in Jet Imager enables physical data extraction at speeds unsurpassed in the industry. Oxygen Forensic® Detective can find passwords to encrypted iTunes backups and Android images as well.
Cloud Services
The built-in Oxygen Forensic® Cloud Extractor allows investigators to gain access to a tremendous amount of cloud services that include iCloud, Google, Microsoft, Samsung, Huawei, Mi Cloud accounts, E-mail server and other services, like Facebook, Twitter, Instagram, Dropbox, WhatsApp, Telegram, etc. Our Cloud Extractor also offers the exclusive ability to extract and decrypt WhatsApp backups. Investigators may utilize either account credentials or tokens to access any supported cloud storage service.
Using Oxygen Forensic® Detective, investigators can extract credentials and tokens directly from a mobile device while Oxygen Forensic KeyScout collects passwords and tokens on Windows-based computers. This valuable data can then be used to collect and extract information from the associated cloud service accounts under investigation.
Drones
Oxygen Forensic® Detective enables the verbose data parsing and analysis from drone collections, flight logs, mobile apps and cloud services. Oxygen Forensic® Detective can create or import drone physical dumps and parse GPS locations showing valuable route data as well as device telemetry to include: speed, direction, altitude, temperature, and more. Currently, various models of DJI and Parrot drones are supported. Data parsing from drone applications is also available from iOS and Android devices. Investigators can decode drone images and videos, locations with time stamps and other data. Additionally, drone data extraction from cloud services can be accomplished via login/password or token from DJI, SkyPixel or My Parrot clouds.
Computer
Oxygen Forensic® KeyScout utility focuses on extracting passwords, tokens, and user data both from web browsers and desktop apps, as well as locating iTunes backups and finding Wi-Fi hotspot passwords on Windows OS computers. Currently, there are numerous desktop apps supported, including WhatsApp, Viber, WickrMe, Telegram, Skype, Microsoft Mail, Microsoft Outlook, Thunderbird, all the popular Web browsers, iCloud for Windows, etc. Collected tokens and passwords can be immediately used for cloud data extraction while extracted web browser, messenger and email data can be imported into Oxygen Forensic® Detective software for further analysis and analytics with mobile data artifacts in one case.
IOT Devices
Oxygen Forensic® Detective currently offers data extraction from two popular IoT devices – Amazon Alexa and Google Home. Since it is difficult to extract data directly from devices, we provide investigators with the ability to access alternative sources – cloud and mobile apps. Investigators can gain access to cloud information via login/password or token that can often be extracted from the user’s PC or mobile devices. Oxygen Forensic® Cloud Extractor acquires a complete evidence set including voice recordings that can be played directly our software interface. Oxygen Forensic® Detective also extracts IoT app data from Apple iOS and Android devices.
Wearables
Oxygen Forensic® Detective performs logical acquisition of smartwatches based on MTK chipset allowing forensic experts to extract device models, contacts, calls, messages, multimedia files, and other data. Moreover, the software acquires complete data from various fitness apps, like Apple Health (including data synched with Apple Watch), Samsung Health,
Google Fit, FitBit, Endomondo, and more. This valuable data can be extracted both from mobile devices and cloud services and often contains a tremendous amount of geo-locations with timestamps, health data, steps and stair count with additional user statistics.
Data Analysis
DATA PARSING
Oxygen Forensic® Detective’s powerful 64-bit forensic architecture allows investigators to quickly parse volumes of data and leverage advanced analytical tools, like Social Graph, Timeline, Facial Recognition, and more to quickly identify critical evidence. Oxygen Forensic® Detective delivers parsing and decoding of data three times faster than the leading competitor to support massive data sets from mobile devices, backups, drones and cloud services. This powerful tool also offers a multi-tab user interface so working with several sections simultaneously will allow effortless data comparing.
FACIAL RECOGNITION
Oxygen Forensic® Detective offers the ability for investigators to categorize human faces. The facial recognition is available in the Faces section at no additional charge. The unique features include industry-leading accuracy (as measured by NIST), detailed face analytics (gender, race, emotion, and more), immediate categorization and matching (5 faces/second) and support for massive volumes of data. Using the built-in facial recognition investigators will spend less time looking through thousands of photos or videos in mobile, cloud or drone extractions.
SOCIAL LINKS
The built-in Social Graph provides a convenient platform to explore social connections between a device owner and contacts or between several devices. Using the Social Graph investigators can identify the device owner’s closest contacts in one click. Click on any contact to open a card containing detailed information about the selected contact and all communications across device sources. The Social Graph interface is dynamic and nimble, and investigators can drag and drop to move, hide, or merge contacts while producing a crystal clear view of device and case connections.
TIMELINE
The Timeline section provides a view of all deviceevents in one list – chats within apps, calls, web activity, web connections, photos and videos, calendar events, and more. Events can be viewed for one device or a group of devices, allowing easy identification of common group activities. Sort and filter by date, time, activity frequency, contact, remote party, or other data points to focus only on the most relevant data. The GEO Timeline tab contains the full list of geo coordinates from all the sources that include photos, videos, apps, drone flight logs, and more.
MAPS
Oxygen Forensic® Detective acquires geo coordinates from all possible sources including mobile devices, drones, cloud storage, media cards, and imported images. Once analyzed, the data can be viewed within our Oxygen Forensic® Maps either online or offline. The Maps module includes the ability to:
- Identify a device’s frequently visited places
- Visualization of a device’s movements within a specified period of time
- Pinpointing common locations of several devices
- Playing an animated route showing the direction of travel.
DATA SEARCH
Oxygen Forensic® Detective allows investigators to search across a single device, all devices in a case, or all devices in a database for text, phone numbers, email addresses, geo coordinates, IP addresses, MAC addresses, credit card numbers, and file hashes including Project VIC. A Regular Expression library is available for custom search functions, and the Keyword List Manager and Watchlists allow investigators to create a set of keywords and perform searches during or after extraction.
Data Export
OFB BACKUPS
All extracted data can be saved to an Oxygen Forensic Backup (OFBX) clicking on Save to archive button on the main toolbar of Oxygen Forensic® Detective. This OFB backup can be imported back to Oxygen Forensic® Detective anytime later or can be sent to colleagues to be opened in the Oxygen Forensic® Viewer. The Viewer is a free portable utility for viewing and sharing collected evidence from Oxygen Forensic® Detective. It can be downloaded from the customer area and requires no installation or activation.
DATA REPORTS
Oxygen Forensic® Detective enables data export from any section to many popular file formats including PDF, RTF, XLS, XML, HTML, etc. A report can be created to include a single device, several devices, several sections or even selected records. Reports are highly customizable to display only the data required, for any type of case. Our XML reports can be integrated into other analytic software platforms. Oxygen Forensic® Detective can also export data into the Relativity software format.
Data Viewers
PLIST VIEWER
The built-in Oxygen Forensic® Plist Viewer offers advanced analyzing of Plist files: investigators can open plain XML and binary XML files, view entries according to their type (string, data, numbers etc.), convert values, open external files for analysis, export .plist file data in XML format for further analysis by external tools.
SQLITE VIEWER
The built-in Oxygen Forensic® SQLite Viewer is a powerful 64-bit tool for examining SQLite files. With this tool, investigators can open any SQLite database, recover deleted records, convert values to a readable format, build visual and non-visual SQL queries and save them for further use, run search and finally export selected entries to customization data reports.