Difference between pages "IXimager file formats" and "Oxygen Forensic Suite 2013"

From Forensics Wiki
(Difference between pages)
Jump to: navigation, search
 
(Version update.)
 
Line 1: Line 1:
[[ILook|ILook Investigator v8]] and its disk-imaging counterpart, [[IXimager]], offer three proprietary, authenticated image formats: compressed (IDIF), non-compressed (IRBF), and encrypted (IEIF). Although few technical details are disclosed publicly, IXimager's online documentation provides some insights: IDIF "includes protective mechanisms to detect changes from the source image entity to the output form" and supports "logging of user actions within the confines of that event;" IRBF is similar to IDIF except that disk images are left uncompressed; IEIF, meanwhile, encrypts said images.
+
{| style="padding:0.3em; float:right; margin-left:15px; margin-bottom:8px; border:1px solid #A3B1BF; background:#f5faff; text-align:center; font-size:95%; line-height:1.5em;width:220px;"
 +
| style="padding:0.1em; font-size:1em; background-color:#cee0f2;" | '''Current version'''
 +
|-
 +
|align="left"|
 +
'''Version Number''': 3.5
  
For compatibility with ILook Investigator v7 and other forensic tools, IXimager allows for the transformation of each of these formats into raw format.
+
'''Date Released''': 23 August 2011
 +
|-
 +
| style="padding:0.1em; font-size:1em; background-color:#cee0f2;" | '''Recent changes'''
 +
|-
 +
|align="left"|
 +
* Simultaneous extraction and analysis
 +
* Added rooting support for  Android OS 1.6-2.2
 +
* Added Google Services and Yahoo! Services applications groups.
 +
* Added support for more than 200 new mobile devices. The total amount of supported devices is 2200
 +
|-
 +
| style="padding:0.1em; font-size:1em; background-color:#cee0f2;"|'''Screenshots'''
 +
|-
 +
|
 +
[[Image:OFS2_01_Device.png|200px|thumb|center|Device summary]]
 +
[[Image:OFS2_05_PhoneActivity_Date.png|200px|thumb|center|Phone Activity]]
 +
[[Image:OFS2_04_LifeBlog.png|200px|thumb|center|Geo event positioning (LifeBlog) data]]
 +
[[Image:OFS2_11_GeoFiles.png|200px|thumb|center|Camera shots with Geo data]]
 +
[[Image:OFS2_03_SQLiteViewer_Deleted.png|200px|thumb|center|Deleted data recovery]]
 +
[[Image:OFS2_08_MessagesExportPDF.png|200px|thumb|center|Sample report]]
 +
[http://www.oxygen-forensic.com/en/screenshots/ More screenshots ... ]
 +
|}
 +
'''Oxygen Forensic Suite 2011''' is a mobile forensic software for logical analysis of [[cell phones]], [[SmartPhones|smartphones]] and [[PDAs]] developed by [[Oxygen Software]]. The suite can extract device information, contacts, calendar events, [[SMS]] messages, event logs, and files. In addition, the vendor claims the suite can extract metadata related to the above. As of September 2011 the suite supported more than 2,200 devices, including [[Nokia]], [[Apple iPhone]] series, [[Apple iPod Touch]], [[Apple iPad]], Vertu, [[Sony Ericsson]], Samsung, Motorola, [[BlackBerry|Blackberry]], Panasonic, Siemens, HTC, HP, E-Ten, Gigabyte, i-Mate and other mobile phones. The suite also supports devices running [[symbian|Symbian OS]], [[Microsoft Windows Mobile|Windows Mobile 5/6]] and [[Android|Android OS devices]].
  
== Header ==
+
== Forensic Soundness ==
  
The header for these image formats appears to contain the string:
+
The suite access devices using advanced proprietary protocols. Some devices like smartphones require an Agent installation. Installing software onto the device being examined can be treated as an impact of the forensic soundness of the investigation. But as not much information is obtainable by other means and the impact is documented, it may still be admissible under the [[Best Evidence Rule]].
  
<pre>RiPed_By_ILookImager</pre>
+
== Previous Names ==
 +
Oxygen Forensic Suite was previously marketed as "Oxygen Phone Manager II (Forensic Edition)".
  
 
== External Links ==
 
== External Links ==
 +
* [http://www.oxygen-forensic.com/ Official web site]
  
* [http://www.cfreds.nist.gov/v2/Basic_Mac_Image.html Sample image in EnCase, iLook, and dd format] - From the [[Computer Forensic Reference Data Sets]] Project
+
[[Category:Windows Mobile]]
 
+
[[Category:Mobile device tools]]
[[Category:Forensics File Formats]]
+

Revision as of 08:48, 8 September 2011

Current version

Version Number: 3.5

Date Released: 23 August 2011

Recent changes
  • Simultaneous extraction and analysis
  • Added rooting support for Android OS 1.6-2.2
  • Added Google Services and Yahoo! Services applications groups.
  • Added support for more than 200 new mobile devices. The total amount of supported devices is 2200
Screenshots
Device summary
Phone Activity
Geo event positioning (LifeBlog) data
Camera shots with Geo data
Deleted data recovery
Sample report

More screenshots ...

Oxygen Forensic Suite 2011 is a mobile forensic software for logical analysis of cell phones, smartphones and PDAs developed by Oxygen Software. The suite can extract device information, contacts, calendar events, SMS messages, event logs, and files. In addition, the vendor claims the suite can extract metadata related to the above. As of September 2011 the suite supported more than 2,200 devices, including Nokia, Apple iPhone series, Apple iPod Touch, Apple iPad, Vertu, Sony Ericsson, Samsung, Motorola, Blackberry, Panasonic, Siemens, HTC, HP, E-Ten, Gigabyte, i-Mate and other mobile phones. The suite also supports devices running Symbian OS, Windows Mobile 5/6 and Android OS devices.

Forensic Soundness

The suite access devices using advanced proprietary protocols. Some devices like smartphones require an Agent installation. Installing software onto the device being examined can be treated as an impact of the forensic soundness of the investigation. But as not much information is obtainable by other means and the impact is documented, it may still be admissible under the Best Evidence Rule.

Previous Names

Oxygen Forensic Suite was previously marketed as "Oxygen Phone Manager II (Forensic Edition)".

External Links

Retrieved from "http://www.forensicswiki.org/w/index.php?title=IXimager_file_formats&oldid=9911"