Oxygen Forensics

Oxygen Forensic® Detective update offers access to Samsung Secure Folder, enhanced lock screen-bypass, and more

Oxygen Forensics releases the new version of its flagship forensic software, Oxygen Forensic® Detective! Oxygen Forensic® Detective version 10.3 is now available, introducing support for more devices and app extractions, as well as industry-first access to cloud backups for Samsung Secure Folder and Viber. The updated software offers unique ability to extract the Samsung Secure Folder cloud backup, allowing investigators access to account details, contact and calendar cards, the APK file, and document revisions. Cloud extraction is currently the only method for retrieving content secured in the Samsung Secure Folder, as a physical acquisition of Samsung devices does not allow access to this folder. Another industry-first feature included in this version is the ability to acquire data backed up from Viber messaging app to iCloud or Google Cloud.

Oxygen Forensics is also proud to introduce Oxygen Forensic® KeyScout, our newest forensic utility, which enables investigators to locate and retrieve tokens and login credentials saved in the Web browsers of a device’s associated PC for use in extractions.

With Oxygen Forensic® Detective version 10.3, investigators can easily acquire more than 430 locked Android devices built on Qualcomm chipsets in emergency download (EDL) mode. Moreover, Oxygen Forensics has significantly extended and updated Spreadtrum physical extraction method by adding support for more than 100 new Android devices with 4, 8 and 16 GB of RAM.

View Oxygen Forensic® Detective release notes.

Watch Oxygen Forensic® Detective release video.

All registered customers may download the new version immediately from their personal customer area. Updated Oxygen Forensic® Analyst and Oxygen Forensic® Passware Analyst are also available for download.

New in Oxygen Forensic® Detective v.10.3.0.100:

  • Oxygen Forensic® Extractor. Fixed the issue that occurred when analyzing the user partition of physical dumps made from Spreadtrum and Qualcomm devices.
  • Oxygen Forensic® SQLite Viewer. Improved interface scaling.

New in Oxygen Forensic® Detective v.10.3:

  • Oxygen Forensic® Cloud Extractor. Added the industry-exclusive ability to extract the Samsung Secure Folder Backup. The Secure Folder allows users to keep their private data in a separate secured folder on the mobile device. Access to this secure folder can be made by fingerprint or password only. Now investigators can gain access to account details, apk file revisions, contact and calendar cards, and document revisions of the Secure Folder from the Cloud.
  • Oxygen Forensic® Extractor. Added the ability to bypass screen lock and extract data from Android devices based on Qualcomm chipsets via EDL mode. The method works on 430+ Android devices of 26 manufacturers.
  • Oxygen Forensic® Extractor. Added the ability to bypass screen lock and extract data from Android devices based on Spreadtrum with the memory of 4, 8 and 16Gb. The total amount of supported Spreadtrum devices exceeds 100.
  • Oxygen Forensic® Cloud Extractor. Added the industry-exclusive ability to extract Viber backups from Google Cloud and iCloud via login/password or token. Investigators can now gain access to the information about the Viber account, private and group chats and media file thumbnails.
  • Oxygen Forensic® Cloud Extractor. Added the Oxygen Forensic® KeyScout utility that finds credentials and tokens on a PC running Windows. Now investigators can collect all available credentials on the subject’s computer and immediately utilize them in Oxygen Forensic® Cloud Extractor.
  • Oxygen Forensic® Cloud Extractor. Added data extraction from QQ Mail: account information, mails with attachments and contacts.
  • Oxygen Forensic® Cloud Extractor. Added the ability to acquire new data types from Google My Activity: Google Play, Newsstand, Google Play Movies & TV, Google Play Games and many others.
  • Oxygen Forensic® Cloud Extractor. Added the ability to acquire new data types from Telegram. Added the ability to acquire new data types from Telegram. Now investigators can extract supergroups, authorization sessions, etc.
  • Oxygen Forensic® Cloud Extractor. Added the ability to extract OneDrive data via token.
  • Oxygen Forensic® Cloud Extractor. Added a new window for viewing the credentials from .ocpk files.
  • Oxygen Forensic® Maps. Added the ability to export selected Map layers to a PDF report.  
  • Search. Added support for PhotoDNA. Now investigators can import PhotoDNA hash sets from Project VIC JSON files or from plain TXT and CSV files and search for child exploitation images in the extracted mobile and cloud data. 
  • Applications. Updated support for 400+ app versions for iOS and Android devices. The total amount of supported app versions exceeds 7000.
  • Applications. Messengers. Added data parsing from TamTam Messenger (2.4.8) from Apple iOS devices and TamTam Messenger (1.9.0) from Android devices.
  • Applications. Sport. Added data parsing from Strava (41.1.0) from Apple iOS devices and Strava (33.0) from Android devices.
  • Applications. Finance. Added data parsing from Sberbank online (7.11.3) from Android devices.
  • Applications. Messengers. Updated data parsing from Skype (8.16) from Apple iOS devices.
  • Applications. Messengers. Updated data parsing from Google Duo (33.0) from Apple iOS devices and Google Duo (32.1) from Android devices.
  • Applications. Messengers. Updated data parsing from Facebook Messenger (156.0) from Apple iOS devices and Facebook Messenger (160.0.0.28.92) from Android devices.
  • Applications. Messengers. Updated data parsing from Telegram (4.8.1) from Apple iOS devices.
  • Applications. Messengers. Updated data parsing from Viber (8.6.1) from Apple iOS devices and Viber (8.6.0.9) from Android devices.
  • Applications. Messengers. Updated data parsing from GroupMe (5.17.1) from Apple iOS devices.
  • Applications. Messengers. Updated data parsing from Kik (12.4) from Apple iOS devices and Kik (12.7.1.7291) from Android devices.
  • Applications. Messengers. Updated data parsing from Line (8.4.2) from Android devices.
  • Applications. Messengers. Updated data parsing from WeChat (6.6.6) from Apple iOS devices and WeChat (6.6.2) from Android devices.
  • Applications. Messengers. Updated data parsing from WhatsApp (2.18.31) from Apple iOS devices and WhatsApp (2.18.92) from Android devices.
  • Applications. Social Networks. Updated data parsing from Facebook (166.0.0.63.95) from Android devices.
  • Applications. Social Networks. Updated data parsing from Workplace (169.0) from Apple iOS devices and Workplace (168.0.0.38.90) from Android devices.
  • Applications. Social Networks. Updated data parsing from Instagram (39.0)  from Apple iOS devices and Instagram (39.0) from Android devices.
  • Applications. Social Networks. Updated data parsing from LinkedIn (4.1.159) from Android devices.
  • Applications. Social Networks. Updated data parsing from Twitter (7.20.2) from Apple iOS devices and  Twitter (7.35.0) from Android devices.
  • Applications. Social Networks. Updated data parsing from VK (4.3) from Apple iOS devices and VK (5.8) from Android devices.
  • Applications. Social Networks. Updated data parsing from OK (Odnoklassniki) (7.10.1) from Apple iOS devices and OK (Odnoklassniki) (18.5.14) from Android devices.
  • Applications. Business. Updated data parsing from Flipboard (4.1.17) from Android devices.
  • Applications. Business. Updated data parsing from Gmail (5.0.180311) from Apple iOS devices.
  • Applications. Business. Updated data parsing from Google Keep (2.2018.12203) from Apple iOS devices and Google Keep (4.1.091.10.40) from Android devices.
  • Applications. Business. Updated data parsing from Google Translate (5.19.0) from Apple iOS devices and Google Translate (5.17.0) from Android devices.
  • Applications. Business. Updated data parsing from Yandex.Mail (3.5.9) from Apple iOS devices.
  • Applications. Finance. Updated data parsing from Sberbank online (8.9.1) from Apple iOS devices.
  • Applications. Finance. Updated data parsing from Bread Wallet (205) from Android devices.
  • Applications. Finance. Updated data parsing from Jaxx (1.3.15)  from Apple iOS devices.
  • Applications. Web Browsers. Updated data parsing from Chrome (66.0.3358.158) from Android devices.
  • Applications. Web Browsers. Updated data parsing from Firefox (59.0.2) from Android devices..
  • Applications. Web Browsers. Updated data parsing from Opera mini (33.0.2254.125672) from Android devices.
  • Applications. Multimedia. Updated data parsing from Musical.ly (6.8.2) from Apple iOS devices.
  • Applications. Navigation. Updated data parsing from Waze (4.35.1) from Apple iOS devices and Waze (4.35.1.0) from Android devices.
  • Applications. Sport. Updated data parsing from  Endomondo (18.4.4) from Android devices.
  • General. Added support for 1300+ new Android devices: Huawei Honor 10 Global Dual SIM TD-LTE 128GB COL-L29, BQ Aquaris X2 Pro LTE Dual SIM 64GB, Samsung SM-A605G/DS Galaxy A6+ 2018 Duos TD-LTE APAC (Samsung A605), Sony Xperia XZ2 TD-LTE JP 702SO (Sony PF22), Xiaomi Redmi S2 Dual SIM TD-LTE CN 64GB, OnePlus 6 Dual SIM Global TD-LTE A6000 128GB, etc. 
  • Oxygen Forensic® Cloud Extractor. Improved algorithm of data extraction from Telegram accounts with a  huge amount of data.
  • Oxygen Forensic® Cloud Extractor. Updated and improved algorithm of OneDrive data extraction.

Stay tuned to smartphone forensics! Stay tuned to success with Oxygen Forensics, Inc!