SHARE THIS POST
Recent Posts
FOLLOW IAASTEAM
IAASTEAM POST INFORMATION
Oxygen Forensic Detective V16.0 Activate With IAASTeam Official
About Oxygen Forensic Detective v.16 Updates.
October 24, 2023
Oxygen Forensic® Detective v.16 updates include new updates to analysis and analytic tools, KeyScout, Device Extractor, supported apps, expansion of cloud support, and more.
For a full list of updates, refer to the “What’s New” file in the Oxygen Forensic® Detective “Options” menu.
Mobile Forensic Updates
Extraction of public data via iOS Agent
You can now extract public data via iOS Agent from Apple iOS devices with versions 12 and higher. Public data includes device information, contacts, calendar events, photos, media files, and shared files. This method is recommended when full file and keychain extraction is not supported or cannot be done.
Changes in version 16.0.1 (October 2023):
Oxygen Forensic® Extractor. Added the ability to extract public data via iOS Agent from Apple iOS devices.
Oxygen Forensic® Extractor. Added the animated instructions for the checkm8 method.
Oxygen Forensic® Extractor. Added the ability to extract Apple iOS 17 devices via iTunes backup procedure.
Oxygen Forensic® Extractor. Added the ability to extract data via iTunes backup procedure from iPhone 15, iPhone 15 Plus, iPhone 15 Pro and iPhone 15 Pro Max.
Oxygen Forensic® Extractor. Added the ability to extract the full file system and keychain from iPhone 6s and iPhone 7 devices running iOS version 15.7.9.
Oxygen Forensic® Extractor. Added the ability to conduct logical extraction, make screenshots and video recordings of data via Android Agent from Android OS 14 devices.
Oxygen Forensic® Extractor. Added the ability to extract Android KeyStore from devices with the pre-installed Android OS 13.
Oxygen Forensic® Extractor. Updated the ability to extract WhatsApp and WhatsApp Business via Android Agent.
Oxygen Forensic® Extractor. Updated the ability to extract Discord via Android Agent.
Oxygen Forensic® Extractor. Updated the ability to extract Viber via Android Agent.
Oxygen Forensic® Extractor. Updated the ability to extract Google Chrome via Android Agent.
Oxygen Forensic® Extractor. Updated the ability to extract X (Twitter) via Android Agent.
Oxygen Forensic® Extractor. Updated the ability to extract Telegram via Android Agent.
Oxygen Forensic® Extractor. Updated the ability to extract Kik via Android Agent.
Oxygen Forensic® Extractor. Added the ability to re-extract data protected with the screen lock passcode if the first attempt to extract it via Android Agent method failed.
Oxygen Forensic® Extractor. Redesigned the selective data extraction window in the Android Agent.
Oxygen Forensic® Cloud Extractor. Added support for CAPTCHA for WhatsApp cloud.
Oxygen Forensic® Cloud Extractor. Updated the ability to extract data from WhatsApp QR Multi-device.
Oxygen Forensic® Cloud Extractor. Updated the ability to authorize in Huawei Cloud Data.
Oxygen Forensic® KeyScout. Added the ability to decrypt VeraCrypt containers with keyfiles.
Oxygen Forensic® KeyScout. Added the ability to decrypt user passwords extracted from FileZilla Client.
Oxygen Forensic® KeyScout. Added the ability to decrypt logins and passwords saved in the system VPN client.
Oxygen Forensic® KeyScout. Added the ability to extract serial numbers of macOS computers.
Oxygen Forensic® KeyScout. Added data parsing from VeraCrypt app from Windows, macOS and GNU/Linux.
Oxygen Forensic® KeyScout. Added data parsing from IrfanView app from Windows.
Oxygen Forensic® KeyScout. Added data parsing from KMPlayer from Windows.
Oxygen Forensic® KeyScout. Added the ability to extract Dropbox from GNU/Linux.
Oxygen Forensic® KeyScout. Added the ability to extract the creation and modification dates of APFS partitions.
Oxygen Forensic® KeyScout. Added the ability to extract the history of the user logins from Apple System Logs (ASL) from macOS.
Oxygen Forensic® KeyScout. Added the ability to extract the information about documents printed with CUPS (Common UNIX Printing System) from macOS and GNU/Linux.
Oxygen Forensic® KeyScout.Added the ability to extract the information about trusted documents and locations stored in MS Office apps.
Oxygen Forensic® KeyScout. Added the information about bookmarks and sessions of web browsers based on the Blink engine.
Oxygen Forensic® KeyScout. Added the ability to import the list of search paths and excluded file paths.
Oxygen Forensic® KeyScout. Updated the ability to extract Dropbox from Windows and macOS.
Oxygen Forensic® KeyScout. Extended the information extracted from the cache of apps based on the Blink engine from Windows, macOS andGNU/Linux.
Oxygen Forensic® KeyScout. Extended the ability to generate a report about performed operations.
Oxygen Forensic® KeyScout. Improved the ability to download symbols from Windows Server.
Oxygen Forensic® KeyScout. Improved the overall functionality and UI.
Import. Added the ability to decrypt physical images of Honor 7S and Huawei Y5 devices.
Import. Added the ability to extract file metadata from UFED extractions of CLBX format.
Import. Updated support for Mediatek-based Android devices having TEE T6.
Import. Updated support for UNISOC-based Android devices having TEE Trusty.
Contacts. Added deduplication of events in the Contacts card and Communications panel.
File Viewer. Added the ability to open binary XML files.
Export. Added the ability to export email messages to MSG format of Microsoft Outlook.
Export. Added the ability to export contacts to VCF format.
Export. Excluded .SMIL files from reports.
Export. Improved the Reports section.
Applications. Added the ability to filter by missing attachments.
Applications. Added data parsing from over 2500 new app versions from Apple iOS and Android devices. The total number of supported versions exceeds 43800.
Applications. Social Networks. Added data parsing from Bumble (5.339.1) from Android devices and Bumble (5.306.0) from Apple iOS devices.
Applications. Business. Added data parsing from Todoist (v11034) from Android devices and Todoist (23.9.15) from Apple iOS devices.
Applications. Business. Added data parsing from Samsung My Files (10.1.13.391) from Android devices.
Applications. Business. Added data parsing from Gmail Go (2022.10.10.480125827) from Android devices.
Applications. Messengers. Updated data parsing from Facebook Messenger (423.0.0.25.113) from Android devices and Facebook Messenger (422.0) from Apple iOS devices.
Applications. Messengers. Updated data parsing from Telegram (10.0.2) from Android devices and Telegram (10.1.2) from Apple iOS devices.
Applications. Messengers. Updated data parsing from WhatsApp (2.23.19.84) from Android devices and WhatsApp (23.20.1) from Apple iOS devices.
Applications. Messengers. Updated data parsing from Skype (8.104.0.208) from Android devices and Skype (8.99.1) from Apple iOS devices.
Applications. Messengers. Updated data parsing from Viber (21.1.0.0) from Android devices and Viber (21.1.0) from Apple iOS devices.
Applications. Messengers. Updated data parsing from ICQ (23.1.1(10011564)) from Android devices and ICQ (23.1.1) from Apple iOS devices.
Applications. Social Networks. Updated data parsing from Instagram (297.0.0.40.109) from Android devices and Instagram (303.3) from Apple iOS devices.
Applications. Social Networks. Updated data parsing from JusTalk (8.8.26) from Android devices and JusTalk (8.7.44) from Apple iOS devices.
Applications. Social Networks. Updated data parsing from X (Twitter) (10.7) from Apple iOS devices and X (Twitter) X (10.10.0-release.0) from Android devices.
Applications. Social Networks. Updated data parsing from Facebook (428.0) from Apple iOS devices and Facebook (435.0.0.42.112) from Android devices.
Applications. Social Networks. Updated data parsing from Snapchat (11.65.1.32) from Android devices.
Applications. Social Networks. Updated data parsing from Moj (23.16.1) from Apple iOS devices.
Applications. Business. Updated data parsing from Gmail (2023.08.20.561750975) from Android devices and Gmail (6.0.230723) from Apple iOS devices.
Applications. Business. Updated data parsing from TempMail (3.36) from Android devices and TempMail (3.1.1) from Apple iOS devices.
Applications. Business. Updated data parsing from Xiaomi Notes (6.0.9) from Android devices.
Applications. Web Browsers. Updated data parsing from Google Chrome (118.0.5993.48) from Android devices and Google Chrome (118.0.5993.585) from Apple iOS devices.
Applications. Web Browsers. Updated data parsing from Samsung Internet Browser (22.0.6.9) from Android devices.
Applications. Web Browsers. Updated data parsing from Vivaldi Browser (6.2.3110.86) from Android devices.
Changes in version 16.0 (September 2023):
Oxygen Forensic® Extractor. Added the ability to extract hardware keys and decrypt physical dumps of devices based on the UNISOC T606, T616, T612 and T310 chipsets and running Android OS 10 – 13.
Oxygen Forensic® Extractor. Added the ability to extract hardware keys and decrypt physical dumps of Xiaomi Redmi 7A/8/8A devices based on the Qualcomm SDM439 chipset.
Oxygen Forensic® Extractor. Added the ability to extract app data from Android devices with OS 12-13 using the APK Downgrade method.
Oxygen Forensic® Extractor. Added the ability to extract the file system and keychain via iOS Agent from iOS devices running iOS 14.6 – 14.8.1, 15.6 – 15.7.1, and 16.0 – 16.5.
Oxygen Forensic® Extractor. Added the ability to extract the full file system and keychain via checkm8 from Apple iOS devices with iOS version 15.7.8.
Oxygen Forensic® Extractor. Added the ability to extract and analyze iTunes backups made from iOS 17 Beta devices.
Oxygen Forensic® Extractor. Added the ability to extract Samsung Browser data from Android devices via Android Agent.
Oxygen Forensic® Extractor. Added the ability to brute force passcodes for Briar app in the Full File System extraction method for Android devices.
Oxygen Forensic® Extractor. Added the information about keychain extraction via iOS agent in the Devices section.
Other extractor updates
We added several enhancements to our extraction methods: Added extraction of iOS 17 devices via iTunes backup procedure.
Extractions are now much easier with animated instructions incorporated in the checkm8 method.
Android KeyStore extraction is now supported for devices with pre-installed Android OS 13.
Added ability to conduct logical extractions, as well as make screenshots and video recordings of data via Android Agent from Android OS 14 devices.
Updated ability to extract WhatsApp, WhatsApp Business, Discord, Viber, Kik, Telegram, X (Twitter), and Google Chrome data via Android Agent.
Using Android Agent, you can now re-extract data protected with a passcode if the first attempt fails.
New app support
We added support for the following new apps:
Bumble (Android, iOS)
Todoist (Android, iOS)Samsung My Files (Android)
Gmail Go (Android)
The total number of supported app versions now exceeds 43,800.
Import Updates
In Oxygen Forensic® Detective v.16.0.1, we added the following functionality:
Import and decryption of physical images of Honor 7S and Huawei Y5
Extraction of metadata from UFED extractions of CLBX
We also updated support for MTK-based devices having TEE T6 and UNISOC-based devices having TEE Trusty.
Cloud Forensic Updates
In this release, we updated support for WhatsApp QR Multi-Device service and Huawei Cloud Data. Moreover, we added support for CAPTCHA for WhatsApp cloud.
Computer Artifact
Decryption of VeraCrypt containers with key files
The updated Oxygen Forensic® KeyScout allows decryption of VeraCrypt containers using one or several key files. A user can create a list of key files for every VeraCrypt container and apply them to decrypt it.
The updated Oxygen Forensic® KeyScout enables users to collect the following new artifacts:
IrfanView app from Windows
KMPlayer from Windows
Dropbox from GNU/Linux
The creation and modification dates of APFS partitions
The serial number of a macOS computer
The history of the user logins on macOS
Information about trusted documents and locations stored in MS Office apps
Information about documents printed with CUPS (Common UNIX Printing System) from macOS and GNU/Linux
Information about bookmarks and sessions of web browsers based on the Blink engine
Additionally, you can now decrypt user passwords extracted from FileZilla Client as well as logins and passwords saved in the system VPN client.
Export Updates
We added several enhancements to the Export engine. Now contacts can be exported to VCF format. Moreover, .SMIL files are now excluded from reports.
Interested in trying out Oxygen Forensic® Detective v.16.0.1
Oxygen Forensics, Inc. oxygenforensics.com support@oxygenforensics.com