As various types of Android smartphones are being launched in the market, forensic studies are being conducted to test data acquisition and analysis. However, since the application of new Android security technologies, it has become more difficult to acquire data using existing forensic methods.
A physical acquisition of Android smartphones can be achieved using the flash memory read command by reverse engineering the firmware update protocol in the bootloader. Our experimental results demonstrate that the proposed method is superior to existing forensic methods in terms of the integrity guarantee, acquisition speed, and physical dump with screen-locked smartphones (USB debugging disabled). Now there is an option to acquire Android data via Wi-Fi This comes in handy if the USB connection is broken, damaged, or just not working. Furthermore, the redesigned OxyAgent utility now allows investigators to make screenshots of Android data and view them together with the extracted data in the Oxygen Forensic Detective interface.Android Forensic Data Analyzer (AFDA): An Opensource Tool to Automatize.
Mobile Data ExtractionThis year we have significantly enhanced our support for Android and Apple iOS devices by introducing powerful and leading edge methods.First, we added the exclusive built-in ability to bypass screen locks, perform physical extractions, and decrypt physical dumps of the latest Huawei devices running Android OS 9-10 based on Kirin 980, 970, 710 and 710F chipsets. Let’s take a look at the innovative functions brought to our users in Oxygen Forensic® Detective in the last six months. Undoubtedly a challenging time however, we released four significant updates with a tremendous amount of enhancements in all our main software modules. A special feature of Oxygen.We’re halfway through the year, and it is time to recap what useful features we have introduced to the forensic community. There are many ways to gain the root access at the Android device, the description of which is beyond the scope of this book. As this area of digital forensics grow in scope.
Oxygen Forensics Android Root Full File System
Finally, the updated OxyAgent utility allows users to perform selective extraction to collect only what the investigator may need, or require, for the investigation.As for Apple iOS devices, we’ve added the ability to extract full file system and keychain from Apple iOS devices jailbroken with the checkra1n and Unc0ver jailbreaks. Furthermore, the redesigned OxyAgent utility now allows investigators to make screenshots of Android data and view them together with the extracted data in the Oxygen Forensic® Detective interface. Now there is an option to acquire Android data via Wi-Fi! This comes in handy if the USB connection is broken, damaged, or just not working. Additionally, investigators can root and perform physical extractions of Mediatek arm64 Android devices with the security patch level up to and including March 1, 2020.Next, we added screen lock bypass and physical extraction of Android devices based on the following chipsets: Spreadtrum SC9850, Spreadtrum SC9863, Spreadtrum SC7731E and Spreadtrum SC9832E.That is not all! Android logical extractions have been significantly enhanced. Now investigators can obtain root rights and perform physical extractions of unlocked Android devices utilizing Android OS 7 with the security patch level up to and including June 2018, as well as Android OS 8 and higher with the security patch level up to and including October 2019. Huawei dump methodSecond, we’ve enhanced our software rooting capabilities.
DAR archives of Apple iOS, Android, and KaiOS file systems, as well as E01 Android images.Finally, we have completely redesigned our Import Wizard making it possible to configure all the import settings BEFORE backup parsing, as well as search data by keywords, hash sets, regular expressions and other criteria during backup import. Backup importLive data extraction aside, we support nearly 40 backups and images for import.Over the last 6 months, we have managed to implement support for Twitter, Snapchat, Instagram and Facebook Warrant Returns.In addition, we have added the ability to import. This evidence set will include user data and credentials from the most popular messengers, email clients, and web browsers.Finally, our powerful and innovative Oxygen Forensic KeyScout can locate and decrypt a vast variety of computer artifacts and credentials for various pre-installed Apple apps on macOS, as well as Signal Messenger on both Windows and macOS.
All In One: Merging Extractions in Oxygen Forensic® Detective October 12, 2021 Building a faster and more efficient viewer will now allow investigators to quickly view the larger databases in the shortest time possible by utilizing our powerful JetEngine back end.Continue to check in and follow us on social media to keep up with the cutting edge and innovative features we have coming for mobile, cloud, and computer artifacts hunting!Want to try Oxygen Forensic Detective? Ask for a demo license here. The database will be opened in a separate tab that will be saved between sessions, like all the other program tabs. Statistics sectionThe second section introduced this year is the Reports section, which allows investigators to find all the generated reports in one location.Lastly, we’ve added the ability to open SQLite databases in the newly designed File Viewer by clicking on SQLite database. One new view, our Statistics section, allows investigators to quickly gather actionable intelligence of a user’s activity, as well as the investigator’s interactions with the evidence. Our supported app versions now exceed 16,000!We continue to test and develop new built-in analytical tools.
Oxygen Forensic® Detective v.14. Android App Downgrade September 21, 2021 Customizing Password Attacks September 28, 2021
0 kommentar(er)
