
Oxygen Forensic Suite Download Scientific Diagram
My overall impression of DETECTIVE’s features:

Download scientific diagram Oxygen Forensic Suite 2011 (Oxygen Software Company, 2011) GUI with backup files loaded. I thought this would be a great opportunity to test out a new tool. I have quite a bit of mobile device forensics experience, but mostly using other tools, and very little experience with Oxygen Forensics products. Cases and item categories are defined using XML files, for easy integration with other tools.

Recently I saw an email from ForensicFocus.com seeking a volunteer to write a review for Oxygen Forensics’ DETECTIVE Mobile Device Forensics Suite. Mobius Forensic Toolkit is an open-source forensic framework written in Python/GTK that manages cases and case items, providing an abstract interface for developing extensions.
Oxygen Forensic Suite Drivers To Be
I downloaded the newest version of the software from the Oxygen site, as well as a “driver pack” of device drivers to be installed on the computer. Oxygen Forensic Suite was added to AlternativeTo by GetaName on Feb

– Intuitive functionality and easy to personalize reporting mechanism
– Robust Social Graphing and Social Charting capabilities
– Ability to analyze data acquired from multiple devices and create integrated timelines and maps
– Smart phone savvy, even with models not supported on their website “feature” (non-smart phones) not supported as robustly

Installation of DETECTIVE was fairly straightforward. 2 MOBILedit 3 MOBILedit Forensic. Oxygen Forensic® Suite is able to acquire from Chinese devices important user data like event log, messages, contacts and files.

Popular alternatives. Chinese Phones Support Chinese Phones Support enables forensic experts to extract data from popular phone replicas and low-cost devices.

There were also numerous checkbox options that allow you to select what categories you would like to add or remove from the report. This was a much appreciated feature, as smart phone reports can get quite large.

I generated a PDF report and was pleased with the layout. The items I had marked as “Key Evidence” were presented early in the report, right after the device information and aggregated contacts. The timeline portion was also helpful, and I’ll discuss this feature more in depth a little later in this report.

After I finished examining the iPhone 5s results, I hooked up a Samsung Galaxy to be acquired.
I selected an aggressive option which included trying to root the device in order to acquire a physical acquisition. DETECTIVE gave me a list of steps to be performed on the device and then it attempted to root the Android phone. The rooting process was unsuccessful, but DETECTIVE automatically acquired the phone data by backing the device up.

The Android contained quite a bit more information than the iPhone 5s, so there was more content to look at. I decided to take a look at DETECTIVE’s “Social Graph” function.

Social Graph is one of the methods that DETECTIVE provides to let examiners visualize a user’s activities. Social Graph creates a link chart with all forms of communications that it can find (calls, SMS, chat apps, etc.) and lets an examiner instantly see with whom the user of the device has frequent communications. It does a FANTASTIC job!
Here are some of the things I was able to do with the Social Graph tool on an iPhone 6 dump.

– I had so much activity on the phone that the initial chart was incredibly busy. A slider on the upper right allowed me to adjust and limit the chart to only show individuals with whom I’d had a large number of communications.
– I wanted to limit the chart to a specific time period. The software allowed me to drag and drop a start and end date on the slider at the bottom of the screen.
– I wanted to remove Twitter chats from the chart and was able to deselect “Twitter Messages” from the “Type” options in the upper right.
– I noticed that one person accounted for a sizeable chunk of my activity. I clicked on that individual and was presented with an “Index Card” containing their contact info. It also had a tab with statistics which broke down what percentage of our communications used certain methods (SMS, Calls, etc.), and a communications tab listing every communication I’ve had with that person dating back over five years, and including two previous iPhones, all sorted in chronological order.

For these reasons and others, I fell in love with the “Social Chart” module.

After I examined the Android device, I acquired a fully updated iPhone 6.
Just about every forensics tool does a good job parsing data from major apps such as Skype and WhatsApp, but what I was interested in was how DETECTIVE handled data from applications that weren’t supported. With the constantly changing app landscape, it’s critical to be able to examine applications that aren’t automatically parsed for you by the tool.

In the applications section of the DETECTIVE user interface, several apps were listed with a short summary of activity count in the app. For example: navigation apps had a search history, fitness apps had my workout history (and GPS logs), and so on. There was also a generic looking folder named “applications” which indicated that it had 112 entries underneath it. I clicked on the folder and was taken to a list of all applications on the device, including those which were parsed, those which were part of standard iOS installs, and third party apps.

I navigated to a third party app that wasn’t supported by any forensics tool that I’m aware of but which I use quite frequently. DETECTIVE brought up a sub menu of 24 files associated with that app including telling me what extension the files were and how big they were.
I was able to easily navigate through the records and also view the raw data at the bottom of the screen and what the value was in about 20 different types of encodings on the right hand side of the screen, including multiple time stamp formats. The tool is very well done.

Next up I clicked on a .sql file associated with the application and once again the file was instantly opened in a new window. This time the window was the “Oxygen Forensic SQLite Viewer,” which is very similar to the Plist viewer.
This made it incredibly easy to identify timestamps in fields.

I noticed a “Recover Deleted Records” button at the top of SQLite Viewer, so of course I had to press it. It only took around a second to run and found four deleted records in one of the tables.

As I stated earlier, most forensics tools parse the popular apps, but many of them require the use of other tools to parse third party apps that aren’t supported. DETECTIVE has very well designed tools included to analyze such apps.

I entered credentials for a cloud service. DETECTIVE had data parsed within a few minutes and added the data obtained to my “test1” case with the three devices that I had previously examined. The cloud data had a similar user interface as the phone data, including a timeline, social graph, aggregated contacts, etc.

DETECTIVE offers several other tools, including maps and the ability to import call data records from cell phone service providers. While I wasn’t able to fully test the call data records tool, I made a quick dummy CSV file.

