Oxygen Forensic® Detective v.10


Release notes, November 2017

NEW CLOUD SERVICES

Oxygen Forensics extends investigation capabilities with a number of new cloud services and delivers the industry-first support for them.

Mi Cloud. Xiaomi phones are quite popular these days as they give users great specs and value for money. Xiaomi users can store their contacts, calls, messages, calendar, and other personal data in Mi Cloud. The updated Oxygen Forensic® Cloud Extractor offers a brand-new ability to extract all available information from Mi Cloud via login/password or token.

Workplace by Facebook. This is a collaborative platform used to communicate via groups and to chat with colleagues in a corporate environment. While extracting a mobile device, forensic experts may find an app token that can be used to enter a Workplace account and download groups, chats with attachments, and other available data.

Samsung Gallery. Oxygen Forensic® Detective now extracts photos, videos and documents (both live and deleted) from Samsung Cloud. Photos and videos are acquired together with geo coordinates that can be opened in Oxygen Forensic® Maps.

Samsung Cloud backup. Now forensic experts can import and parse complete Samsung Cloud backups that can be accessed via login/password or token. Backups may contain contacts, calls, messages, calendars, files, and Wi-Fi history.

ADVANCED WHATSAPP EXTRACTION

We've added two industry-first features in the algorithm of WhatsApp data extraction.

WhatsApp backup decryption with 2-step verification. This verification is an optional feature that adds more security to the account. If it is enabled, any attempt to verify the phone number on WhatsApp must be accompanied by the six-digit PIN created by the user. The decryption of a WhatsApp backup is not possible without the PIN code. The latest Oxygen Forensic® Cloud Extractor offers either the opportunity to enter the PIN (if it is known) or several ways to deactivate it. Once the PIN is entered or deactivated, forensic experts can extract and decrypt the full WhatsApp backup from iCloud or Google Drive. The backup usually contains data on the account owner, his/her contacts, chats, and calls.

Unique WhatsApp data from the server. We've added a special WhatsApp Cloud service that allows forensic experts to acquire undelivered messages with attachments, missed calls, contacts, and information about groups and their participants directly from the WhatsApp server. This service can be extremely useful when the device is damaged, locked, or missing. Following the instructions for the WhatsApp Cloud service, forensic experts can obtain access to the WhatsApp server even without the need for a mobile device itself.

UNSUPPORTED APPS PARSING

Some popular apps have their own clones that are not widely known and can be used by criminals to hide their activities. In Oxygen Forensic® Detective v.10 forensic experts can parse such unsupported clone apps using a supported app template. For example, there are a number of Telegram Messenger clones that can now be parsed in Oxygen Forensic® Detective even if they are not officially supported.

SELECTIVE PHYSICAL EXTRACTION

Now, before performing a physical extraction or dump import, forensic experts can choose which sections should be parsed from a mobile device. Oxygen Forensic® Extractor shows a list of sections to be selected for parsing. This feature can be of the utmost importance when an investigator is authorized to extract only a particular type of evidence. Moreover, selective reading significantly speeds up the extraction process.

DRONE SUPPORT ENHANCEMENTS

The updated program version allows forensic experts to import and merge several dumps of the same drone together. If forensic experts have two separate dumps of external and internal drone storages, they can now merge them to analyze drone data in one view. Moreover, Oxygen Forensic® Detective v.10 supports the DJI Matrice 600 drone and parses the FreeFlight Pro app from iOS and Android devices.

SCREEN LOCK BYPASS FOR MOTOROLA DEVICES

Now, forensic experts can bypass screen lock on a larger number of Motorola devices: Moto XT1684, Moto XT1685 (Dual SIM), Moto XT1687 (USA), Moto XT1681, and Moto XT1683.

2FA SUPPORT FOR ICLOUD SERVICES

We've added support for 2-factor authentication to iCloud services. Now, forensic experts can acquire iCloud data even with 2FA enabled.

PREDEFINED KEYWORD LISTS

Three new predefined keyword lists are now available in Keyword Manager. Forensic experts can apply Guns, Human Trafficking or Money Laundering keyword lists to find the required evidence.

IMPROVED SQLITE VIEWER

We've added several significant interface improvements to the SQL Editor: display of the linked table, navigation in the linked table, and highlighting of the linked fields.

APPLICATIONS

NEW

IOS
Bread Wallet (0.6.7)
Facebook Workplace (143.0)
FreeFlight Pro (5.0.2)

ANDROID
Facebook Workplace (141.0.0.31.91)
FreeFlight Pro (5.0.2)
Workplace Chat (141.0.0.32.76)

UPDATED

IOS
Facebook Messenger (141.0)
Google Chrome (60.0.3112.72)
Google Duo (21.0)
GroupMe (5.12.5)
Instagram (21.0)
KakaoTalk (6.5.1)
Kik Messenger (11.33.0)
Passbook (11.0)
Skype (8.8)
Telegram (4.4)
Twitter (7.10)
Viber (7.9)
Visa Qiwi Wallet (5.19)
Wechat (6.5.21)
WhatsApp (2.17.71)

ANDROID
Facebook Messenger (142.0.0.18.63)
Google Chrome (60.0.3112.116)
Google Duo (21.0)
Google Hangouts (22.0)
Instagram (21.0)
KakaoTalk (6.4.6)
Kik Messenger (11.37.0.18906)
Telegram (4.4.2)
Twitter (7.20.0)
Viber (7.9.0.6)
Visa Qiwi Wallet (3.7.0)
Wechat (6.5.16)
WhatsApp (2.17.395)

And many more!

Oxygen Forensics, Inc
901 N. Pitt St, Suite 100, Alexandria, VA 22314
Tel: 844 537-2537
Fax: 877 462-2134