Name: Oxygen Forensic Suite 2013

Text: 1

Oxygen Forensic Suite

m

1

r

,

h'D:l:~~~:m

Oxygen Forensic Suite :

1

htb:llwww.owaen-forensic.~~m

+ l 877 9 OXYGEN
+44 20 8133 8450
+7 495 222 9278

Links and Stats in
Oxygen Forensic Suite
General data extraction (contacts, speed dials, caller groups, calendar, SMS, E-mail,
calls, tasks, notes, Wi-Fi and 3G activity)
Geo event positioning - WF/XMP headers, Nokia LifeBlog

Yes

Yes
I

Yes

$

Yes

Deleted data
Web cache and bookmarks analyzer (various browsers supported)

Yes

User dictionaries

Yes

Web Connectionsand Location Services

Yes

Timeline & Geo Timeline for all phone events

Yes

Aggregated Contacts

Yes

Oxygen Forensic Suite introduces several statistical analysis tools offering
forensic specialists the ability to quickly reveal social connections between
users of mobile devices under investigation and their contacts. Links and
Stats section provides a convenient tool to explore social connections between
device owner and his contacts by analyzing calls, all kinds of messages and
applications activities.

Yes

Key Evidence

I

-

I Social Networks [Instagram, Facebook, Twitter, Foursquare, LinkedIn, VK etc)

I

I Messengers (Skype, Touch, WhatsApp, Viber, Kik, Textie, Facebook, HeyTell &c)

I

-

I Passwordsfor a~~lications

I List of installed applications
--

l

y

l

y

I

e

1

e

1

Productivity(Dropbox, Evernote, Remember The Milk &c)

Yes

Multimedia (Hide it Pro, YouTube)

Yes

Travel (8ooking.com, Tripit free, Skyscanner)

Yes

Advanced search in multiple devices running in background

Yes

I Links & Stab for several devices - table and diagram

1

I

Yes

-

I y e S I

Yes

Yes

Yes

Physical analysis with Android Rooting add-on
add-on
Chinese Phones Supmrt
..
Apple DMG physical image parser and Apple runes backup reader (induding passwordprotected backups)
Android physical image parser and backup reader

I Apple Plist Viewer and SQLite databases Viewer with deleted data recovery options

Yes
t

Yes

I

I Blackbeny IPD backup Viewer (including password-protected backups)

I

I Blackberry BBB backup reader [including password-protected backups)

I

I

Nokia PM Viewer

C

-

I
I

I
I

I

Yes
Y

s

I

yes
Y

Table view presents in-depth analysis of communication including all
contacts, phone numbers and remote parties along with communication
duration and produces a concise summary of the forensically important
data.
Switching to the diagram view with a graphical chart offers a quick overlook
of communication circles, allowing forensic experts to determine and
analyze the device user's communications with all details at a glance.

I

s

I

i

Oxygen Forensics, Inc

901 N. Pitt St Suite 320 Alexandria, VA 22314 USA

@a
'0:

htto://www.oxvaen-forensic.com
$h

*

Oxygen Forensics, Inc

901 N. Pitt St Suite 320 Alexandria, VA 22314 USA
htto://www.oxvaen-forensic.com

Oxygen Forensic Suite -- --

1

fM,OXYP~-f~~nn'C.com

t Oxygen Forensic Suite

+l 877 9 QXYGEN
h&:' +44 ao sin 8450
+7 495 222 9278

*

Oxygen Forensic Suite offers investigators the ability to analyze interactions
among users of multiple seized mobile devices. The feature builds and
1
displays a Direct Links diagram with a chart for multiple devices, clearly
visualizing connections between the phones' users.
-

I

1

Oxygen Forensic Suite
Smart Forensics for Smart Phones

l

PC software designed to extract the maximum information
from smartphones, cell phones and other mobile devices for
forensic purposes.

W

-

Brief information:
Focus on smartphones. Nowadays, the cell phone market has turned to smartphones. Oxygen
Forensic Suite uses an innovative approach to extract more information from Andmid, Apple iOS,
Blackberry, Symbian OS, Windows Mobile and other smartphones compared to competing tools.
Pioneer in geo-location data extraction. Oxygen Forensic Suite was the tirst tool capable of
extracting geo information from smartphones. Today, it remains a leader in this area.
First tool Android physical analysis. The Android Rooting add-on for Oxygen Forensic Suite allows
recovering the complete file system along with deleted data and full physical memory dump.
m

Extensive support for Chinese mobile phones. The low end of the market is switching to
inexpensive Chinese devices. We are constantly watching the market, adding support for a wide range
of popular Chinese mobile phones.
More than 7000 device models supported. We care about the quality, not quantity. There are tools
touting a higher number, but youll never find another tool offering comparable extraction, analysis,
searching and reporting capabilities.

i Central diagram matches records extracted from devices' phone and address

books, applications contact lists building a visual chart and displaying
contacts and remote parties with at least one shared entry. Right panel shows similar
contacts with identical phone numbers, e-mail accounts or application contacts with
the focused remote party, stored by users of multiple mobile devices and help clearly
visualize communications and social connections among users of different mobile
devices, allowing forensic specialists investigate criminal activities performed by
groups.
Balloon near each entry indicates total number of communications between
the device owners and this remote party.
By discovering and displaying matching records, Oxygen Forensic Suite
provides investigators with at-a-glance view of various interactions, helping forensic
specialists to discover connections between the users in just a few clicks.

I

:/lwww.oxvqen-forens~c.com
Tel : 877 969-9436
Fax : 877 462-2134

User data extraction from pre-installed and third-party smartphone applications. A mobile
phone is more than just a phone. Skype, Facebook, Twitter, Google services, Foursquare and other
applications keep their own databases in a smartphone. Oxygen Forensic Suite extracts and parses this
information, presenting the data in a convenient and well-organized way.
The Timeline section comblnes extracted events that having a timestamp into a single list.
Review all user activities at a glance in a single view. No need to switch between multiple windows to
examine all of the suspect's activities during a specified time period.
Compatible with moat popular mobile fonnats. Oxygen Forensic Suite can load and parse data
from Blackberry IPD, Blackberry BBB, Apple iTunes, Apple DMG, Nokia PM, SQLite databases, as well as
Plist files.
Convenient analysis, exporting and reporting. Oxygen Forensic Suite is designed specifically for
forensic analysis, searching for evidence and reporting. The tool can either print reports or export them
to one of the many popular file formats.
Deleted data extraction. Oxygen Forensic Suite can recover deleted information from smartphones
running popular systems such as Apple iOS, Android, Symbian etc.

Oxygen Forensics, I n c

Oxygen Forensics, I n c

901 N. Pitt S t Suite 320 Alexandria, VA 22314 USA

901 N. Pitt St Suite 320 Alexandria, VA 22314 USA

htt~://www.oxvaen-forensic.com

htt~://www.oxvaen-forensic.com

1

oxygen wrensic suite m
,

.

"":'"-'~Z~Zk
+l 877 9 OXYGEN

+7 495 222 9278

Physical acquisition is the most effective way for recovering deleted data from Android devices. It can
be easily performed by Android Rooting Add-on that supports devices running Android OS 1.6 through
3.0.1. That covers more than 96% devices on the market.

It's all about the meaning

Traces of deleted data can be found in SQLite databases stored in the mobile device and recovered
with SQLite Database viewer.

Oxygen Forensic Suite offers several statistical analysis tools giving forensic
specialists the ability to quickly reveal activity of the devices owners as well
as social connections between users of mobile devices under investigation
and their contacts.

I

Symbian Series 60devices
symb~ Information on deleted SMS messages can be recovered from all Symbian OS smartphones except
UIQ2 models with some restrictions:
Messages must not be older than the number of days specified by the "Log duration" parameter in
the System Log application (up to 30 days);
Only part of message text can be read (up to 64 characters).

. .-

-

,LoI.a,,Lfm
OLDLlllU L L i P
,,.o,.auILL*)
11.OLmLI 10.47
(ILILmU120-OI.II.B11n(A 1
OLL*).aULI*I-IOIL~Ur~~
I
o>.L*).a,Ill
,2
a l O l . 1 1 3 =R

Deleted messages are shown in the "Messages" section, are highlightedwith a different color and marked by
the 'recycle bin" icon.

Windows Mobile devices

-a
4

Traces of deleted SMS and MMS messages can be found in the cemail.vol file and viewed with a builtin HEX viewer in the File Browser section.
Informationfrom deleted phonebooks and calendars is located in the pim.vol file and can be viewed
with a built-in HEX viewer in the File Browser section.

Series 40 devices (Series 40 Third Edition or higher)
Informationon deleted SMS messages can be recovered from the phone log with some restrictions:
Messages must not be older than the number of days specified by the "Log duration" parameter in the
System Log (up to 30 days)
Only recipient and time stamp information can be recovered; no text is available.
Parts of deleted messages can be also found in the MS-del.dat file and viewed with a built-in HEX
viewer in the File Browser section.

Series 30 and older Series 40 devices
Information on deleted messages can be stored (not guaranteed) in phone's EEPROM dump and
analyzed with Nokia PM Viewer in Oxygen Forensic Suite 2013.

Oxygen Forensics, Inc
901 N. Pitt St Suite 320 Alexandria, VA 22314 USA
htto://www.oxvaen-forensic.com

A graphical chart is available to display user activities for selected periods of
time. The chart allows grouping all possible mobile device events over
different time intervals (from one second to one year) and filtering them by
various parameters.
The chart enables forensic experts to easily analyze detailed activities of a
single contact or group of contacts at a glance.

Oxygen Forensics, Inc
901 N. Pitt St Suite 320
Alexandria, VA 22314 USA

www.oxygen-forensics.com
http://twitter.com/oxygenforensic
http://facebook.com/OxygenForensics

1

Oxygen Forensic Suite -- .-

&~:liwww.orewgn-Forensic.c~n
+ l877 9 OXYGEN
+44 10 8132 8450
+7 495 222 9278

Omen Forensic Suite
Deleted data retrieved by
Oxygen Forensic Suite
Oxygen Forensic Suite 2013 is able to locate, extract and display information that was
previously deleted by device users. The type and amount of available data depends on the particular
platform of a mobile device.

Apple iOS devices

6

Informationon deleted SMS messages is stored in SMS.db or SMS.sqlite files that can be opened with
SQLite Database viewer. Double-click on a file, click 'Recover deleted data', then click on 'All deleted
data' and locate a cell that matches the 'Messages' row and 'Data' column. Deleted iMessages data is also
stored in the same files.

6

Informationon deleted calls is stored in the call-histoty.db file that can be opened with SQLite
Database viewer in the File Browser section.
Deleted email messages can be viewed in the 'Envelope Index' file (the file has no extension).
'Envelope Index' is only accessible on jail broken devices.
Informationon deleted email accounts is located in the /private/var/mobile/Library/Mail folder. Ik
subfolders are named with deleted accounts, and can be viewed in the File Browser section.

=
-.-m-' a 0 1

m e w ,

1*%,.4ll

%.mm

tl4.3,

Y.

I*,d'@iL!l,X

-

4

--.-

*iw--

Informationon deleted images is stored in *.ithmb databases for a certain period of time, and can be
viewed under the Thumbnail tab in the File Browser section.
Deleted images of contacts are located in the AddressBookImages.sqlitedbfile and can be opened with
SQLite Database viewer in the File Browser section.

@
S

Traces of deleted data can be found in all SQLite databases stored in the mobile device and recovered
with SQLite Database viewer.

Android OS devices
Informationon deleted SMS messages is stored in the mmssms.db file that can be found in the File
Browser section and opened with SQLie Database viewer. This database is accessible on rooted
devices only.

...and it's not just about the data
Oxygen Forensics, Inc

901 N. Pitt St Suite 320
Alexandria, VA 22314 USA

www.oxygen-forensics.com
http://twitter.com/oxygenforensic
http://facebook.com/OxygenForensics

Deleted Android device logs containing traces of SMS, MMS and application messages with names and
phone numbers are stored in the logs.db file that can be opened with SQLite Database viewer in the
File Browser section.

Oxygen Forensics, Inc

901 N. Pitt St Suite 320 Alexandria, VA 22314 USA
htt~:/lwww.oxvaen-forensic.com

Document Path: ["1291-oxygen-forensics-brochure-oxygen-forensic.pdf"]

e-Highlighter

Click to send permalink to address bar, or right-click to copy permalink.

Un-highlight all Un-highlight selectionu Highlight selectionh