Oxygen Forensics

Oxygen Forensic® Detective Features

Aggregated Contacts

In this section you can analyze contacts from multiple sources such as Phonebook, Messages, Social Networks and Messengers.  

The section automatically identifies the same people across different sources and groups them together into one meta-contact.

Android Jet-Imager™

Oxygen Forensics has partnered with the MITRE Corporation to deliver the fastest extraction method for Android devices.

Android Rooting

Rooting an Android device reveals the complete set of user data to the investigator.

Generally, this procedure requires certain knowledge and research, but Oxygen Forensic® software helps experts automate it.

Applications

Oxygen Forensic® software retrieves all vital application data from mobile devices running iOS, Android OS, BlackBerry 10 and Windows Phone 8. The program is able to decrypt app databases even if they are securely encrypted.

Currently 380 unique applications and 2950+ app versions are supported.

Backups Import

Oxygen Forensic® products can import and parse data from various device backups and images created by sync software or other forensic products.

Calendar & Tasks

The Organizer section displays notes, tasks, and calendar entries created or synchronized by the device user.

The set of sub-sections and their features depends on the manufacturer and exact model of the seized device.

Call Data Records

Oxygen Forensic® Call Data Expert is a forensic program that allows importing and analyzing CDR files (Call Data Records) received from mobile service providers regardless of the difference in their column formats and file layouts.

Chinese Devices

Oxygen Forensic® software can bypass screen lock passwords and create full physical dumps from Chinese chipset devices.

The current version supports all popular devices based on MediaTek (MTK) and Spreadtrum chipsets.

Cloud Data Extraction

Oxygen Forensic® Detective acquires data from more than 30 cloud storage services: iCloud contacts and calendar, Google Drive, Google Location History, Live contacts and calendar, OneDrive, Dropbox and Box, as well as from a wide range of social media including Twitter and Instagram.

Data Scout

Data Scout retrieves subscriber data from any extracted phone number. It interacts with online lookup services to gather intelligence on phone numbers collected from mobile device extractions.

Data Viewers

Various data viewers help experts analyze extracted data in a convenient way.

Oxygen Forensic® software has a built-in HEX viewer, picture viewer, music and video players, a text viewer with code page converter, and HTML, SQLite and Plist viewers.

Device Information

The Device Information section displays complete technical information about the device. This includes Manufacturer, Retail Model Name, Platform and its revision, IMEI, MAC addresses, IMSI, Serial Number, phone number and any other model-specific data.

Dictionaries

The Dictionaries section shows all the words ever entered in device messages, notes and calendar.

These are not words from the device system dictionary; they come from the unique user dictionary that is built up as the device owner uses the device.

Encrypted backups

Oxygen Forensic® Detective can decrypt encrypted backups and images and find their passwords.

Event log

The Event Log section contains users' voice communication: dialed, received and missed calls. Here experts find the call time, duration and remote party. Recovering deleted calls is available for certain types of devices.

File Browser

The File Browser section is a powerful tool to access and analyze user photos, videos, documents and device databases.

Built-in text, hex, multimedia, SQLite and Plist viewers, along with Geo-location and EXIF extractors, help experts view files and their properties.

Geo Locations

The Web Connections section may reveal places a suspect has visited.

With the Wi-Fi Connections list, forensic experts are able to determine where and when a suspect used Wi-Fi internet access (public or even private) and ascertain their location.

Global Search

Global Search finds user data in every section of the device.

The tool can search for text, phone numbers, emails, geo coordinates, IP addresses, MAC addresses and credit card numbers. A regular expressions library is available for more custom searches.

Key Evidence

The Key Evidence section offers a clean, uncluttered view of evidence marked as essential by investigators.

Forensic specialists can mark certain items belonging to various sections as being essential evidence, then review them all at once regardless of their original location.

Links and Stats

Quickly reveal social connections between users of mobile devices under investigation and their contacts.

The Links and Stats section provides a convenient tool to explore social connections between device users by analyzing calls and all types of communications in standard and third-party applications.

Locked devices acquisition

Oxygen Forensic® Detective offers a new physical method for Samsung Android devices using our forensic custom recovery function. This approach covers the latest Samsung devices based on Android OS, like Galaxy S5, Galaxy S6, etc.

Messages

The Messages section contains users' correspondence including SMS, MMS, emails, iMessages and others, depending on the device type. Recovering deleted messages is available for certain types of devices.

Oxygen Forensic® Maps

Oxygen Forensic® Detective acquires geo coordinates from all possible sources, including mobile devices, cloud storage, media cards, and imported images. Once analyzed, the data can be viewed on either online or offline maps.

Passwords

The Passwords section displays logins, passwords and tokens extracted from application databases.

Password recovery is available for iOS, Android and Windows Phone 8 devices.

Phonebook

The Phonebook section contains users' contacts with all their data: name, occupation, phone numbers, addresses, emails, notes.

Depending on the device, experts gain access to the private information of the contacts, like birthdays, relatives' names and anniversaries.

Plist Viewer

Plist files, known as Property List XML Files, contain a lot of valuable forensic information on Apple devices. Browser history, Wi-Fi access points, speed dials, Bluetooth settings, global application settings, Apple Store settings and even more data can be extracted from .plist files.

Reports

When it comes to solving a crime, reports are one of the most important things for the investigator. Popular file formats and the ability to export or print the whole set of data or only the important parts help experts show the result of their work in the best way.

Screen Lock Disabler

With locked devices being a top forensic problem, we are doing our best to invent new methods to recover digital evidence even in the most challenging cases.

Social Graph

Social Graph visualizes complex connections inside crime groups.

This is a highly adjustable workplace that allows forensic experts to review connections between mobile device owners and their contacts, pinpoint connections between multiple device owners, and detect their common contacts.

Spyware

Oxygen Forensic® software can detect spyware apps installed on Android and Apple devices, and discover and process their logs and configuration files.

SQLite Viewer

SQLite Viewer lets experts explore database files with the following extensions: .sqlite, .sqlite3, .sqlitedb, .db, .db3.

Experts have access to both current and deleted data stored in databases created by system and user applications.

Timeline

Timeline shows all mobile device usage events in one sorted list.

This section organizes all calls, messages, calendar events, geo data and application activities in chronological order, so you can easily follow the conversation history without the need to switch between different sections.

WebKit Data

Oxygen Forensic® software can parse WebKit data from iOS and Android devices. WebKit is an engine that is widely used by mobile web browsers and other applications that display information using webpages. WebKit data usually includes emails from webmail interfaces and the content of visited pages.