Difference between pages "Linux" and "Oxygen Forensic Suite 2"

From ForensicsWiki
Linux, edit summary: (References: remove bad link)
Oxygen Forensic Suite 2, edit summary: (Creating Oxygen Forensic Suite 2 page.)
{{underconstruction}}

=Oxygen Forensic Suite 2=

Oxygen Forensic Suite 2 is mobile forensic software that goes beyond the standard logical analysis of [[cell phones]], [[smartphone|smartphones]] and [[PDAs]]. Its use of advanced proprietary protocols lets Oxygen Forensic Suite 2 extract much more data than logical forensic tools usually do, especially from smartphones.

====Unique information extraction====

Besides the general data usually extracted, Oxygen Forensic Suite can extract a lot of unique information.

Using low-level protocols allows the program to extract: basic phone information and [[SIM Cards|SIM-card]] data, the [[phonebook|contacts list]], caller groups, [[speed dials]], missed/outgoing/incoming calls, standard SMS/MMS/E-mail folders, custom [[SMS]]/MMS/E-mail folders, deleted SMS messages (with some restrictions), SMS Center timestamps, the calendar of events, tasks, text notes, photos, videos, sounds, LifeBlog data (all main phone events with their geographical coordinates), Java applications, the file system from phone memory and flash card, GPRS and Wi-Fi activity, voice records and much more. The list of supported features depends on the phone model.

====Device coverage====

Oxygen Forensic Suite 2 extracts data from [[Nokia]], [[Vertu]], [[Sony Ericsson]], [[Samsung]], [[Motorola]], [[Blackberry]], [[Panasonic]], [[Siemens]], [[HTC]], [[HP]], [[E-Ten]], [[Gigabyte]], [[i-Mate]] and other mobile phones. Oxygen Forensic Suite 2 has strong support for [[smartphone|smartphones]] and [[communicator|communicators]] based on [[symbian|Symbian OS]], [[symbian|Nokia S60]], Sony Ericsson UIQ and [[Microsoft Windows Mobile|Windows Mobile 5/6]] (without using ActiveSync!), as well as for [[Blackberry]] smartphones.

====Other====

* The software interface is specially designed for forensic analysis, data search and reporting. Oxygen Forensic Suite can either print reports or export them to the most popular file formats.
* Oxygen Forensic Suite guarantees that the analyzed mobile phone's data is not altered while the program accesses it.
* Oxygen Forensic Suite has full support for the Unicode standard, so multilingual information is read and shown correctly.

===Links===

* [http://www.oxygen-forensic.com/ Official web site]
* [http://www.oxygen-software.com/ Oxygen Software web site]

=Linux=

{{Expand}}

Linux refers to the family of Unix-like computer operating systems using the Linux kernel. The nature of Linux makes a wide range of powerful forensic tools possible.

The wide variety of useful Linux utilities that exist for desktop computers can also be used on Linux-based PDAs. These utilities can often be used as part of the [[forensics investigation]] process.

Software for Linux systems is not only aimed at personal computers, desktops, laptops and the like; server-based tools also exist for accessing, monitoring and analysing servers.

== Specialist Software ==

=== Helix ===

[http://www.e-fense.com/h3-enterprise.php Helix] is a live Linux CD designed for live incident response. Helix is targeted towards more experienced users and forensic investigators.

The latest version of Helix, Helix 3, is based on Ubuntu Linux, which allows for greater stability and ease of use.

Because Helix is a live disc, it can be run on a "suspect" machine while the installed operating system remains inactive. Live network forensics are also possible when running the Helix live disc, allowing users to perform checks on the networks their machines are attached to.

== Tools ==

=== dd ===

'''[[dd]]''', or duplicate disk, is a Unix and Linux utility that allows the user to create a bitstream image of a disk or device. Once the Linux-based PDA is connected to another device and the dd utility is run, the mirror image can be written to [[memory card]]s or even to an external desktop workstation connected via a network. Images created by dd are readable by [[forensics software]] tools such as [[EnCase]] and [[Forensic Toolkit]]. Since the device uses a Linux [[filesystem]], the image may also be mounted and examined on a Linux workstation.

=== foremost ===

'''[[foremost]]''' is a Linux-based program for [[Recovering_deleted_data|recovering deleted files]] and served as the basis for the more modern [[Scalpel]]. The program uses a configuration file to specify the [[File_Formats|headers and footers]] to search for. Although intended to be run on disk images, foremost can search through almost any kind of data regardless of its format.
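Carving by header and footer, the technique the configuration file above describes, as an added example that is not foremost's own code; the signature rules, size limits and sample image are constructed for illustration and do not reproduce foremost's real configuration:

```python
"""Header/footer file carving in the style of foremost (added example, not
foremost's own code). A carver ignores file-system metadata: it scans raw image
bytes for known headers, looks for the matching footer within a size limit, and
cuts out everything in between."""
from typing import Dict, List, Optional, Tuple

# A rule mirrors the idea of a foremost config entry: extension, header bytes,
# optional footer bytes, maximum carve size. These rules are hypothetical.
Rule = Tuple[str, bytes, Optional[bytes], int]
RULES: List[Rule] = [
    ("jpg", b"\xff\xd8\xff", b"\xff\xd9", 20_000),
    ("pdf", b"%PDF-", b"%%EOF", 50_000),
    ("gif", b"GIF89a", b"\x00\x3b", 5_000),
]

def carve(image: bytes, rules: List[Rule] = RULES) -> List[Tuple[str, int, int, bool]]:
    """Return (ext, start, end, complete) per hit, ordered by start offset.
    complete is False when no footer appears before the size limit; the carve
    then runs to max_size (or end of image) and may include slack."""
    hits: List[Tuple[str, int, int, bool]] = []
    for ext, header, footer, max_size in rules:
        pos = image.find(header)
        while pos != -1:
            limit = min(len(image), pos + max_size)
            end, complete = limit, False
            if footer is not None:
                f = image.find(footer, pos + len(header), limit)
                if f != -1:
                    end, complete = f + len(footer), True
            hits.append((ext, pos, end, complete))
            pos = image.find(header, end)  # resume after this carve
    return sorted(hits, key=lambda h: h[1])

def extract(image: bytes, hits: List[Tuple[str, int, int, bool]]) -> Dict[str, bytes]:
    """Name carved files by their image offset, e.g. '00000016.jpg'."""
    return {f"{start:08d}.{ext}": image[start:end] for ext, start, end, _ in hits}

def build_sample_image() -> bytes:
    """Constructed image: slack bytes around three embedded 'files'. The GIF
    has lost its trailer, as a partly overwritten deleted file would."""
    jpg = b"\xff\xd8\xff\xe0" + b"J" * 40 + b"\xff\xd9"
    pdf = b"%PDF-1.4 " + b"P" * 60 + b"%%EOF"
    gif = b"GIF89a" + b"G" * 30
    return b"\x00" * 16 + jpg + b"\xaa" * 8 + pdf + b"\x00" * 8 + gif + b"\x00" * 4

if __name__ == "__main__":
    img = build_sample_image()
    for name, data in extract(img, carve(img)).items():
        print(name, len(data), "bytes")
```

The incomplete flag on the GIF shows the examiner that the carved bytes were cut at the size limit rather than at a footer, so trailing slack must be trimmed or treated with suspicion before the file is relied on.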
=== EtherApe ===

[http://etherape.sourceforge.net/ EtherApe] is a free program built on the structure of Etherman. It is designed as a high-level, wide-ranging network monitoring tool that gives the user a graphical display of packet information. Although EtherApe might be seen as a security-oriented tool, it does have forensic applications.

EtherApe has two main modes. In live monitoring mode, run on a server machine, it maps every packet passing to and from that machine, using colours to show the type of packet and the diameter of the link to show how much traffic that type of packet carries. It also shows the different nodes attached, by their IP and IPv6 addresses.

EtherApe's secondary function is review: it takes a selection of packets captured either with the tcpdump command or with another piece of capture software. When the file is run through EtherApe, the program displays the same information as it does for a live capture, but reads from the imported data file instead of the live network. Review of capture files can be done on any machine, regardless of network connectivity.

=== Memory Forensics ===

Memory forensics tools help preserve the volatile state of the system and find stealthy malware. For a list of memory acquisition tools for Linux, see [[Tools:Memory Imaging]]. For a list of memory analysis tools for Linux, see [[Linux Memory Analysis]].

=References=

* http://en.wikipedia.org/wiki/Linux
* http://en.wikipedia.org/wiki/Android_(mobile_device_platform)

[[Category:Operating systems]]

Revision as of 10:24, 28 October 2008
