Difference between pages "File Format Identification" and "Oxygen Forensic Suite 2"

From ForensicsWiki
(Difference between pages)
m (Bibliography)
 
(Creating Oxygen Forensic Suite 2 page.)
 
Line 1: Line 1:
File Format Identification is the process of figuring out the format of a sequence of bytes. Operating systems typically do this by file extension or by embedded MIME information. Forensic applications need to identify file types by content.
+
{{underconstruction}}
  
=Tools=
+
=Oxygen Forensic Suite 2=
==libmagic==
+
* Written in C.
+
* Rules in /usr/share/file/magic and compiled at runtime.
+
* Powers the Unix “file” command, but you can also call the library directly from a C program.
+
* http://sourceforge.net/projects/libmagic
+
  
==DROID==
+
Oxygen Forensic Suite 2 is a mobile forensic software that goes beyond standard logical analysis of [[cell phones]], [[smartphone|smartphones]] and [[PDAs]]. Using advanced proprietary protocols permits Oxygen Forensic Suite 2 to extract much more data than usually extracted by logical forensic tools, especially for smartphones.
* Writen in Java
+
* Developed by National Archives of the United Kingdom.
+
* http://droid.sourceforge.net
+
  
==TrID==
+
====Unique information extraction====
* XML config file
+
Besides the general data usually extracted, Oxygen Forensic Suite can extract a lot of unique information
* Closed source; free for non-commercial use
+
Using low-level protocols allows the program to extract: phone basic information and [[SIM Cards|SIM-card]] data, [[phonebook|contacts list]], caller groups, [[speed dials]], missed/outgoing/incoming calls, standard SMS/MMS/E-mail folders, custom [[SMS]]/MMS/E-mail folders, deleted SMS messages (with some restrictions), SMS Center timestamps, calendar events schedule, tasks, text notes, photos, videos, sounds, LifeBlog data (all main phone events with their geographical coordinates), Java applications, file system from phone memory and flash card, GPRS and Wi-Fi activity, voice records and much more. The list of supported features depends on a certain phone model.
* http://mark0.net/soft-trid-e.html
+
  
==Stellent/Oracle Outside-In==
+
====Device coverage====
* Proprietary but free demo.
+
Oxygen Forensic Suite 2 extracts data from [[Nokia]], [[Vertu]], [[Sony Ericsson]], [[Samsung]], [[Motorola]], [[Blackberry]], [[Panasonic]], [[Siemens]], [[HTC]], [[HP]], [[E-Ten]], [[Gigabyte]], [[i-Mate]] and other mobile phones. Oxygen Forensic Suite 2 has a strong [[smartphone|smartphones]] and [[communicator|communicators]] support that base on [[symbian|Symbian OS]], [[symbian|Nokia S60]], Sony Ericsson UIQ, [[Microsoft Windows Mobile|Windows Mobile 5/6]] (without using ActiveSync!) and [[Blackberry]] smartphones.
* http://www.oracle.com/technology/products/content-management/oit/oit_all.html
+
  
[[Category:Tools]]
+
====Other====
 +
* Software interface is specially designed for forensic analysis, data search and reporting. Oxygen Forensic Suite can either print reports or export them to the most popular file formats
 +
* Oxygen Forensic Suite guarantees the analyzed mobile phone data invariability while accessing it from the program.
 +
* Oxygen Forensic Suite has a full support of Unicode standard. So the multilanguage information is read and shown correctly.
  
=Bibliography=
+
===Links===
Current research papers on the file format identification problem. Most of these papers concern themselves with identifying file format of a few file sectors, rather than an entire file.
+
* [http://www.oxygen-forensic.com/ Official web site]
 
+
* [http://www.oxygen-software.com/ Oxygen Software web site]
* Mason McDaniel, [[Media:Mcdaniel01.pdf|Automatic File Type Detection Algorithm]], Masters Thesis, James Madison University,2001
+
 
+
* [http://www2.computer.org/portal/web/csdl/abs/proceedings/hicss/2003/1874/09/187490332a.pdf Content Based File Type Detection Algorithms], Mason McDaniel and M. Hossain Heydari, 36th Annual Hawaii International Conference on System Sciences (HICSS'03) - Track 9, 2003.
+
 
+
* [http://www1.cs.columbia.edu/ids/publications/FilePrintPaper-revised.pdf Fileprints: identifying file types by n-gram analysis], LiWei-Jen, Wang Ke, Stolfo SJ, Herzog B..,  IProceeding of the 2005 IEEE workshop on information assurance; 2005 [http://www.itoc.usma.edu/workshop/2005/Papers/Follow%20ups/FilePrintPresentation-final.pdf [slides]]
+
 
+
* [http://www.micsymposium.org/mics_2005/papers/paper7.pdf File Type Detection Technology], Douglas J. Hickok, Daine Richard Lesniak, Michael C. Rowe, 2005 Midwest Instruction and Computing Symposium.
+
 
+
* [http://ieeexplore.ieee.org/iel5/10992/34632/01652088.pdf  File type identification of data fragments by their binary structure. ], Karresand Martin, Shahmehri Nahid. Proceedings of the IEEE workshop on information assurance; 2006. p. 140–7. [http://www.itoc.usma.edu/workshop/2006/Program/Presentations/IAW2006-07-3.pdf [slides]]
+
 
+
* FORSIGS; Forensic Signature Analysis of the Hard Drive for Multimedia File Fingerprints, John Haggerty and Mark Taylor, IFIP TC11 International Information Security Conference, 2006, Sandton, South Africa.
+
 
+
* Karresand M., Shahmehri N., [http://dx.doi.org/10.1007/0-387-33406-8_35 Oscar: File Type Identification of Binary Data in Disk Clusters and RAM Pages], Proceedings of IFIP International Information Security Conference: Security and Privacy in Dynamic Environments (SEC2006), Springer, ISBN 0-387-33405-x, pp 413-424, May 22 - 24, Karlstad, Sweden. Journal page.
+
 
+
* [https://www.cerias.purdue.edu/tools_and_resources/bibtex_archive/archive/2007-19.pdf Using Artificial Neural Networks for Forensic File Type Identification], Ryan M. Harris, Master's Thesis, Purdue University, May 2007
+
 
+
* [http://www.dfrws.org/2008/proceedings/p14-calhoun.pdf Predicting the Types of File Fragments], William Calhoun, Drue Coles, DFRWS 2008 [http://www.dfrws.org/2008/proceedings/p14-calhoun_pres.pdf [slides]]
+
 
+
[[Category:Bibliographies]]
+

Revision as of 09:24, 28 October 2008

Oxygen Forensic Suite 2

Oxygen Forensic Suite 2 is mobile forensic software that goes beyond standard logical analysis of cell phones, smartphones and PDAs. Its advanced proprietary protocols let it extract much more data than logical forensic tools usually extract, especially from smartphones.

Unique information extraction

Besides the general data usually extracted, Oxygen Forensic Suite can extract a lot of unique information. Using low-level protocols allows the program to extract: basic phone information and SIM-card data, contacts list, caller groups, speed dials, missed/outgoing/incoming calls, standard SMS/MMS/E-mail folders, custom SMS/MMS/E-mail folders, deleted SMS messages (with some restrictions), SMS Center timestamps, calendar events schedule, tasks, text notes, photos, videos, sounds, LifeBlog data (all main phone events with their geographical coordinates), Java applications, file system from phone memory and flash card, GPRS and Wi-Fi activity, voice records and much more. The list of supported features depends on the phone model.

Device coverage

Oxygen Forensic Suite 2 extracts data from Nokia, Vertu, Sony Ericsson, Samsung, Motorola, Blackberry, Panasonic, Siemens, HTC, HP, E-Ten, Gigabyte, i-Mate and other mobile phones. Oxygen Forensic Suite 2 has strong support for smartphones and communicators based on Symbian OS, Nokia S60, Sony Ericsson UIQ and Windows Mobile 5/6 (without using ActiveSync!), and for Blackberry smartphones.

Other

  • The software interface is specially designed for forensic analysis, data search and reporting. Oxygen Forensic Suite can either print reports or export them to the most popular file formats.
  • Oxygen Forensic Suite guarantees that the analyzed mobile phone's data remains unchanged while the program accesses it.
  • Oxygen Forensic Suite fully supports the Unicode standard, so multilanguage information is read and shown correctly.

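Links

  • Official web site: http://www.oxygen-forensic.com/
  • Oxygen Software web site: http://www.oxygen-software.com/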