Import of Samsung Smart Switch backups

Samsung Smart Switch is used to transfer content between Samsung Galaxy devices. Samsung Smart Switch backups can be created using Samsung Smart Switch on a desktop or with the mobile app.

Oxygen Forensic® Detective 13.2 now enables import, decryption, and parsing of Samsung Smart Switch backups, a great alternative source of evidence from Samsung devices. Currently, decryption is possible with a known password. Once imported, Samsung backup data will consist of contacts, calls, messages, cached app pictures, apk files, Samsung web browser data, information about Wi-Fi connections, and access points.

By adding import of Samsung Smart Switch backups, Oxygen Forensics has significantly extended its catalog of supported Samsung devices which already included screen lock bypass for Samsung Exynos devices as well as cloud extraction of Samsung backups, Samsung Secure Folder, and Samsung Cloud data.

MOBILE FORENSICS

Acquisition of Android 10 devices

In Oxygen Forensic® Detective 13.1, we introduced file system extraction for pre-rooted Android devices, including those that run Android OS 10 and have File-based encryption.

In Oxygen Forensic® Detective 13.2, we made yet another step forward – now investigators can use the root exploits available in Oxygen Forensic® Extractor to temporally gain root rights and acquire a file system from Android OS 10 devices with FBE. Evidence sets will include not only basic device data but applications as well.

MOBILE FORENSICS

Oxygen Forensic®

DETECTIVEversion 13.2

90cloud services

590+unique apps

19,500+app versions

39,000+devices computer artifacts

102

DECEMBER

Oxygen Forensics www.oxygen-forensic.com support@oxygen-forensic.com

Enhanced OxyAgent utility

We’ve made significant enhancements to our OxyAgent utility this year. Investigators can extract logical data from any unlocked Android device as well as screenshot data and extract evidence from WhatsApp and Signal Messengers.

Oxygen Forensic® Detective’s OxyAgent in 13.2 brings two key enhancements:

MOBILE FORENSICS

• Extraction of all apk files – with this data, investigators can quickly gain insights into what apps were installed on an Android device, including possible malware.

• Extraction of the information about the file system – this includes file name, creation and modification date, size, and path. If a device has root rights, OxyAgent will also extract the information about the files access to which is only possible for rooted devices. This evidence might be used to find suspicious files by hash sets when file content is not of primary importance.

Extended checkm8 support

With every release we extend our checkm8 support. Oxygen Forensic® Detective 13.2 now allows investigators to acquire a full file system and keychain from the following devices running iOS up to 14.3:

Moreover, we’ve added support for iPhone 5S devices running iOS 12.2 – 12.5. Please check the full compatibility list in Oxygen Forensic® Extractor under the iOS Advanced Extraction option.

MOBILE FORENSICS

• iPhone 6S • iPhone 6S Plus • iPhone SE • iPhone 7 • iPhone 7 Plus • iPhone 8 • iPhone 8 Plus

• iPhone X• iPad 5 • iPad 6 • iPad 7 • iPod Touch 7• iPad mini 4

Oxygen Forensics www.oxygen-forensic.com support@oxygen-forensic.com

VIPole and Evernote cloud extraction

Two new cloud services were introduced in this update – Evernote and VIPole. In total, Oxygen Forensic® Detective 13.2 enables cloud data extraction from 90 unique cloud services. There is no other company that supports more services.

CLOUD FORENSICS

• VIPole – this app offers secure messaging, video, calls, and sharing for individuals, teams, and enterprises. With the updated Oxygen Forensic® Cloud Extractor, investigators can gain access to contacts, chats, calls, notes, balances, subscriptions, passwords, and other data using the corresponding login credentials or a token.

• Evernote – While primarily designed for notetaking, this app also assists with organization, task management, and archiving. Like VIPole, authorization is available via login credentials or token. Oxygen Forensic® Cloud Extractor will extract account information, notes, chats, contacts, and other available data.

• Investigators can now automatically categorize extracted maps and QR/Barcodes using our Image Categorization engine. In total, our Image Categorization tool offers 16 categories for data organization, including weapons, drugs, child abuse, nudity, extremism, vehicles, chats, and more. • Our Facial Recognition engine can now identify people wearing masks, hats, and glasses.

Oxygen Forensics www.oxygen-forensic.com support@oxygen-forensic.com

Enhanced Image and Facial Recognition

We’ve made two improvements to our built-in Image and Facial Recognition sections:

DATA ANALYSIS

Extraction of new computer artifacts

The updated Oxygen Forensic® KeyScout allows investigators to collect user data from 5 new apps: Zalo, Pidgin, Gajim, Adium, and Tor Browser. We’ve also updated data collection from WhatsApp Desktop, Viber Desktop, and Firefox. To top that all off, KeyScout gives investigators the option to set time-filters for data collection and choose to extract all the files from Documents, Desktop, and Downloads folders.

COMPUTER ARTIFACTS

Check the WhatsNew file in your customer area or in the software to see the full list of changes.