“Oxygen software”, a Russian developer and supplier of advanced tools for expert data exploration of mobile devices, cloud services, drones and PC introduces new version of its flagship product “Forensic Detective” 11.3, which presents unique opportunities for decoding the physical images of the devices based on MTK chipsets MT6737, implemented the extraction and decryption of the encryption keys from the KeyStore Android that adds support for iOS apps and a cloud service Yandex. Taxi.
We are the first in the field of mobile forensics also provide extraction and decryption of an image of the physical devices on the market, MT6737-protected hardware encryption and Secure Startup mode enabled. Decrypted physical image contains the full file structure of the investigated device.
Moreover, we implemented the extraction and decryption of the encryption keys of the applications from the Android KeyStore. This repository contains the keys to such applications like Signal, Threema, Amazon, Alexa, etc. With the keys opens full access to application data for which they are intended. In version 11.3 the possibility of decoding implemented for the messenger Signal, but a list of apps that support this functionality will be updated.
The news keeps popping headlines about illegal actions committed in taxis. This prompted us to add support for most popular applications online taxi Yandex. Taxi and its cloud service. The program extracts from the application account information, credit card information, trips, saved addresses for Android devices. For iOS devices available account data, information about the last trip and the coordinates of the last location of the device owner. From the cloud service Yandex. Taxis are extracted personal information of the account holder, information about the drivers, cars and favorite places.
“Adding new functionality to extract data from mobile devices — this is something to constantly work our specialists”, — says Sergey Sokolov, General Director of “oxygen software”. “The constant research of pressing issues in the world of mobile forensics has shown us the need to implement the program with additional tools for work with hardware-based encryption. Thus in version 11.3 implements the decoding of the physical images on the MTK chipsets, secure hardware encryption and added extraction of encryption keys from system store Android KeyStore. For us the needs and demands of users is always a priority, so we made app support for iOS and a cloud of Yandex. Taxi, and expanded categories of data gathered from this app on Android devices. We always try to focus on the uniqueness of the added functionality that distinguishes us in our industry.”
11.3 was updated module “Scout”. Added the ability to search and backup iTunes. Found backup you can import and perform. In addition, there is the possibility to extract credentials from the portable versions of programs and programs that are installed in non-standard ways. Now, experts can choose the appropriate search mode: Fast, Optimal or Full. Consider the functionality of the search modes Optimal or Complete.
Finally, we expanded the list of Apple services and added support for cloud-based mapping service Apple Maps, which contain information about the account owner, geo-coordinates and photos of places from your search history and favorite spots.
In addition to the improvements in the program, you can mark other important updates version 11.3:
Data Extraction Wizard. Implemented import of physical Android image obtained by MSAB XRY.
Extraction wizard from Cloud Services. Google Drive added the ability to select the format of downloadable files such as: documents, spreadsheets, presentations, etc.
Data Extraction Wizard. Import the logs of the flight drones. Added filter data based on the serial number of the drone, which prohibits the simultaneous import flight logs from different drones of the same model.
Extraction wizard from Cloud Services. Added support for new API for Google Photos.
Extraction wizard from Cloud Services. Added support of My Parrot Cloud.
Extraction wizard from Cloud Services. Updated authorization for all iCloud services.
Read more •••