Release notes November 2017

Oxygen Forensics, Inc 901 N. Pitt St, Suite 100 Alexandria, VA 22314 Tel : 844 537-2537 Fax : 877 462-2134

Oxygen Forensics, Inc 901 N. Pitt St, Suite 100 Alexandria, VA VV 22314Tel : 844 537-2537 Fax : 877 462-2134 TT

Oxygen Forensic® Detective v.10ADVANCED WHATSAPP EXTRACTION NEW CLOUD SERVICES

Oxygen Forensics extends inves�ga�on capabili�es with a number of new cloud services and delivers the industry first support for them.

Mi Cloud. Xiaomi phones are quite popular these days as they give users great specs and value for money. Xiaomi users can store their contacts, calls,

messages, calendar, and other personal data in Mi Cloud. The updated Oxygen Forensic® Cloud Extractor offers a brand-new ability to extract all available informa�on from Mi Cloud via login/password or token.

Workplace by Facebook. This is a collabora�ve pla�orm used to communicate via groups and to chat with colleagues in a corporate environment.

While extrac�ng a mobile device, forensic experts may find an app token that can be used to enter Workplace account and download groups, chats with a�achments, and other available data.

Samsung Gallery. Oxygen Forensic® Detec�ve now extracts photos, videos and documents (both live

and deleted) from Samsung Cloud. Photos and videos are acquired together with geo coordinates that can be opened in Oxygen Forensic® Maps.

Samsung Cloud backup. Now forensic experts can import and parse complete Samsung Cloud backups that can be accessed via login/password

or token. Backups may contain contacts, calls, messages, calendars, files, and Wi-Fi history.

We’ve added two industry-first features in the algorithm of WhatsApp data extrac�on.

WhatsApp backup decryp�on with 2-step verifica�on. This verifica�on is an op�onal feature that adds

more security to the account. If it is enabled, any a�empt to verify the phone number on WhatsApp must be accompanied by the six-digit PIN created by the user. The decryp�on of WhatsApp backup is not possible without the PIN code. The latest Oxygen Forensic® Cloud Extractor offers either the opportunity to enter the PIN (if it is known) or several ways to deac�vate it. Once the PIN is entered or deac�vated forensic experts can extract and decrypt full WhatsApp backup from iCloud or Google Drive. The backup usually contains data on the account owner, his/her contacts, chats, and calls.

Unique WhatsApp data from the server.We’ve added a special WhatsApp Cloud service that allows forensic experts to acquire undelivered

messages with a�achments, missed calls, contacts, and informa�on about groups and their par�cipants directly from the WhatsApp server. This service can be extremely useful in case when the device is damaged, locked, or missing. Following the instruc�ons for the WhatsApp Cloud service, forensic experts can obtain access to WhatsApp server even without the need for a mobile device itself.

UNSUPPORTED APPS PARSING

Oxygen Forensics, Inc 901 N. Pitt St, Suite 100 Alexandria, VA 22314 Tel : 844 537-2537 Fax : 877 462-2134

Release notes November 2017

Oxygen Forensic® Detective v.10Some popular apps have their own clones that are not widely-known and can be used by criminals to hide their ac�vi�es. In Oxygen Forensic® Detec�ve v.10 forensic experts can parse such unsupported clone apps using a supported app template. For example, there is a number of Telegram Messenger clones that now can be parsed in Oxygen Forensic® Detec�ve even if they are not officially supported.

Now, before performing a physical extrac�on or dump import, forensic experts can choose which sec�ons should be parsed from a mobile device. Oxygen Forensic® Extractor shows a list of sec�ons to be selected for parsing. This feature can be of u�ermost importance when an inves�gator is authorized to extract only par�cular type of evidence. Moreover, selec�ve reading significantly speeds up the extrac�on process.

The updated program version allows to import and merge several dumps of the same drone together. If forensic experts have two separate dumps of external and internal drone storages, now, they can merge them to be able to analyze drone data in one view. Moreover, Oxygen Forensic® Detec�ve v.10 supports DJI Metrice 600 drone and parses FreeFlight Pro app from iOS and Android devices.

SELECTIVE PHYSICAL EXTRACTION

DRONE SUPPORT ENHANCEMENTS

Now, forensic experts can bypass screen lock on a larger amount of Motorola devices: Moto XT1684, Moto XT1685 (Dual SIM), Moto XT1687 (USA), Moto XT1681, and Moto XT1683.

SCREEN LOCK BYPASS FOR MOTOROLA DEVICES

We’ve added support for 2-factor authen�ca�on to iCloud services. Now, forensic experts can acquire iCloud data even with the 2FA enabled.

2FA SUPPORT FOR ICLOUD SERVICES

Three new predefined keyword lists are now available in Keyword Manager. Forensic experts can apply Guns, Human Trafficking or Money Laundering keyword lists to find the required evidence.

PREDEFINED KEYWORD LISTS

We’ve added several significant interface improvements to the SQL Editor: display of the linked table, naviga�on in the linked table, and highligh�ng of the linked fields.

IMPROVED SQLITE VIEWER

APPLICATIONSNEW

IOS

Bread Wallet (0.6.7)

Facebook Workplace (143.0)

FreeFlight Pro (5.0.2)

ANDROID

Facebook Workplace

(141.0.0.31.91)

FreeFlight Pro (5.0.2)

Workplace Chat (141.0.0.32.76)

UPDATED

IOS

Facebook Messenger (141.0)

Google Chrome (60.0.3112.72)

Google Duo (21.0)

GroupMe (5.12.5)

Instagram (21.0)

KakaoTalk (6.5.1)

Kik Messenger (11.33.0)

Passbook (11.0)

Skype (8.8)

Telegram (4.4)

Twitter (7.10)

Viber (7.9)

Visa Qiwi Wallet (5.19)

Wechat (6.5.21)

WhatsApp (2.17.71)

ANDROID

Facebook Messenger

(142.0.0.18.63)

Google Chrome (60.0.3112.116)

Google Duo (21.0)

Google Hangouts (22.0)

Instagram (21.0)

KakaoTalk (6.4.6)

Kik Messenger (11.37.0.18906)

Telegram (4.4.2)

Twitter (7.20.0)

Viber (7.9.0.6)

Visa Qiwi Wallet (3.7.0)

Wechat (6.5.16)

WhatsApp (2.17.395)

And many more!