Tools should be used to triage what you need to focus your efforts on. Now will this tool get it right every time? No, but it gets you a little bit closer. This includes popular apps like Facebook, Facebook Messenger, WhatsApp and those less popular ones that will shock you when you load your image file and see the glorious application data parsed for you. Oxygen has taken the parsing of social networking apps to a new level. Now that, is the key to success right there. This tool is fantastic at supporting the parsing of third-party apps and when it can’t – guess what? It will give you a cheat sheet for the files you must MANUALLY examine. Why should you care? Because you are going to see smartphones with third-party applications on them. This tool has made my life so much easier! I am going to highlight some of my favorite new features. I have always loved the PList Editor and SQLite Viewer, but that is really where my love existed – until recently, that is. What changed my mind about Oxygen? Well, it’s not that I was ever against the tool, I just didn’t see how it added value to my everyday work or smartphone course until this latest release. Don’t get me wrong, there is never enough time, but some things are worth digging for and verifying! So… that is why I am normally opposed to those who use tools and live by what the tools report without digging in to verify. Is it the vendor’s fault – No! The phones are hard to keep up with and the version updates on each OS make it even harder, but examiners like to press the “Find Evidence” button and that makes me shiver. Normally, I have a hard time seeing the good side of tool output because the artifacts are often so convoluted and misleading to examiners who don’t know any better. So, it’s safe to say that I spend a lot of time becoming familiar with the tools, learning what I am able to trust and where they ultimately fail me. I also use these tools for my regular job, where I aim to find gaps and then fill them with my own methods and tools.
I test tools thoroughly and include the best ones in the SANS FOR585 Advanced Smartphone Forensic course that I co-author.
#Oxygen forensics 2018 update#
I have been using Oxygen for years and this last update has really impressed me.
I am just really impressed with the bounds Oxygen is making in the mobile world. First things first – this is NOT a sponsored blog. See what I did there? I am getting craftier with these blog titles.
0 kommentar(er)
