“Oxygen software” has announced a new version of its flagship product, “Forensic Detective” 11.5. It adds a bypass of hardware encryption for MTK Android devices, support for connecting multiple iOS devices in parallel, and support for iOS 13. The “Cloud Services” module also adds support for the following services: iCloud backups for iOS 11.2 and higher with two-factor authentication enabled, Line messenger, and Line Google Backup.
It is no secret that hardware encryption is one of the main problems experts face when analyzing data from mobile devices. This type of encryption is increasingly used in modern devices because it is more reliable and is based on special hardware keys that are tied to a specific device.
For a device protected by hardware-based encryption, the procedure is as follows:
retrieve the encrypted physical image of the device;
extract the hardware keys.
Next, the physical image is decrypted with the extracted key and the user password. If Secure Startup mode is turned off on the device, the default password, default_password, is used automatically.
“Working with protected user information is a trend in the modern world of digital forensics and requires an individual approach,” says Sergey Sokolov, General Director of “Oxygen software”. “Our experts managed to devise a way to bypass hardware encryption on devices based on MTK chipsets by replacing the original boot image with our modified one. This functionality will significantly simplify access to encrypted data with the help of Oxygen Forensic Suite 11.5 and will be indispensable in the work of the experts.”
This method allows you to gain root access to the device and extract a complete decrypted image of the file system. The method is universal for devices based on MediaTek chipsets.
Oxygen Forensic® Suite 11.5 supports 467 unique applications, 74 cloud services, more than 11,200 application versions and 30,000 devices.
Other updates in “Mobile Forensic Detective” version 11.5:
Cloud Services extraction wizard. Added CAPTCHA support for the Mail.ru Mail service.
Cloud Services extraction wizard. Increased the speed of data extraction from Google Photos.
Cloud Services extraction wizard. Added parsing of new data types for the owner profile and device information in the Huawei Cloud Data service.
Cloud Services extraction wizard. Added parsing of new data types in Google My Activity: Google Takeout, Google My Business, Discover, Kids, Home, Device Information, Podcasts.
Cloud Services extraction wizard. Updated the login/password authentication mechanism for the Telegram service.
Oxygen Forensic Scout. Added the ability to specify custom settings for search, brute-force and data saving via the menu or a configuration file.
Oxygen Forensic Scout. Improved the user interface.
SQLite Viewer. Improved handling of non-standard table and field names; improved recovery of deleted records.
SQLite Viewer. Implemented display of database structure information in DDL (Data Definition Language) format.
Applications. Business. Added support for Samsung Memo (16.0.00-342) on Android devices.
Applications. Messengers. Added support for Zangi Private Messenger (4.5.7) on Apple iOS devices.
Applications. Messengers. Added support for Zangi Private Messenger (4.8.1) on Android devices.