Information Technology Reference
In-Depth Information
Features of Oxygen Forensic Suite
The following are the features of Oxygen Forensic Suite:
• It supports logical acquisition. Logical acquisition recovers the active files on the
device. Deleted data may be obtained if the SQLite database is recovered. Physical
and file system acquisition are not supported by this tool. Both of these acquisition
methods provide access to the raw file system data of the iOS device.
• Password recovery from a keychain.
• Read backup/images obtained using other forensic tools.
• Timeline: This provides a single-place access to all the user's activities and move-
ments arranged by date and time.
• Zero-footprint operation: This leaves no traces and alterations to device contents.
• It supports aggregated contacts. This automatically combines accounts from differ-
ent sources in one metacontact for each person. (Caution: Make sure you know
where the data is coming from! You should manually examine each file to ensure
nothing is overlooked and that the data is being reported correctly.)
• It recovers deleted data automatically.
• It provides access to raw files for manual analysis. (Note: These are the raw data-
base files associated with each application, not the raw file system partitions.)
• It provides an intuitive and user-friendly UI to browse the extracted data.
• It provides keyword lists and a regular expression library in order to search.
• Report generation in several popular formats—Microsoft Excel, PDF, HTML, and
so on.
