2010 01 Oxygen Forensics Suite 2 [Tools]


TOOLS
Oxygen Forensics Suite 2
Oxygen Forensics Suite is a Mobile Forensics Suite. It provides detailed analysis of mobile phones, PDAs and smart phones.

Installation

I downloaded the application from the website via the links provided, a nice and easy installation by following the on-screen instructions and no reboot required. Once the program is installed, you are provided with a step-by-step presentation on how best to use this application in order for you to extract data from the device that requires investigation.

As a precaution, I also downloaded the Oxygen Forensic Suite 2 Drivers pack. This package included Cable, Bluetooth and Infra-red adapter drivers for all devices supported by Oxygen Forensic Suite 2.

Upon first use, you are required to change the master username and password before you can proceed. Initially I thought you had to just change the password, but after 5 minutes of head scratching, I realised I needed to change both.

Process to extract data

Follow the instructions through the Oxygen Connection Wizard. Select your mobile phone manufacturer and then model number. Connect the phone to the computer, and then click connect.

If there is a requirement to install software to the mobile phone to allow full extraction of data, then you will be prompted to do so. There may be some of you who will be concerned that we are making changes to the system that we are trying to extract data from, and usual forensic practice is to always work on a read-only system. I did check this with the manufacturer and received the following in response:

"This is a common, but not confusing question. The current situation in phone forensics is a matter of choice. Experts can use standard methods and get a little portion of data or even don't get a single valuable item. On the other hand, they can use extended methods that we and other solutions, even those who constantly claim about read-only modes offer and get the whole variety of data. Frankly speaking there are 2 areas in mobile phones: for data and for the system, and installing Agent application we don't influence user data in any way." Nickolay Golubev.

This cleared things up in my mind and I proceeded with my testing.

Application in use: Nokia E61 Smart Phone

During the extraction, I was asked to install their application to the phone to aid in the extraction process. Once this was completed, I extracted the data, as before, and was able to retrieve the following from the device: Network Operator; Contact Details; SMS Sent; SMS Received; Outgoing Calls; Incoming calls; Images captured on camera; All files on the device (documents, images, music files etc.); Full chronological order of events on the phone; Details of web pages visited; Details of bookmarks in the browser. I exported the data to a pdf to have a paper copy.

While viewing the data, each item you select is shown at the bottom of the screen. You have two viewing options where you can select how you actually see the data. On one side I had it set to see the HEX of the data and on the other side it was set to auto-detect. This enables you to actually check the headers of the files, so if someone has tried to just rename a file to hide data, you will be able to see exactly the type of file it really is on the HEX side.

Overall Impressions

This is a very impressive piece of software, and the features available seem to cover all eventualities regarding examining a device for forensic purposes. There was one feature that I was not able to test and that was the Geo event positioning option. This option extracts the exact phone location during all the events that took place on the device.

I can imagine a few scenarios where this software would be of use, one of which would be for schools where there has been bullying via phones on pupils. This would enable the staff to extract all the data from the victim's phone and store it for future use. I was very impressed by this software and did not realise just how much data is stored on a device I keep in my pocket. It tracks all of my movements (if the phone has GPS) and gives a good insight on my daily life. Very simple and easy to use, but also very powerful on the data it extracts and provides to the user/investigator.

by Michael Munt.

System: Windows XP
System Details: Service Pack 2, 1GB Ram, Intel Pentium M 1.73Ghz.
Phones tested: Sony Ericsson K510i, Nokia E61
License: full version
Url: http://www.oxygen-forensic.com/en
Pricing: Standard Ź 499, Professional Ź 799
Comparison: http://www.oxygen-forensic.com/en/compare/
1/2010 HAKIN9 15
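
The hex-view check described in the review (reading a file's header to see its real type when the extension has been renamed) can be run over a whole extracted file set. The following is an added example, not part of the original review and not Oxygen Forensic Suite code; the signature table, function names and sample bytes are constructed for illustration.

```python
import os

# Leading-byte signatures (well-known magic numbers) for a few common formats.
SIGNATURES = [
    (b"\xff\xd8\xff", "jpeg"),
    (b"\x89PNG\r\n\x1a\n", "png"),
    (b"%PDF-", "pdf"),
    (b"PK\x03\x04", "zip"),
]
# Extensions consistent with each detected type (zip also backs Office files).
EXPECTED_EXT = {
    "jpeg": {".jpg", ".jpeg"},
    "png": {".png"},
    "pdf": {".pdf"},
    "zip": {".zip", ".docx", ".xlsx", ".pptx", ".jar"},
}

def hex_preview(header, n=8):
    return " ".join(f"{b:02X}" for b in header[:n])

def check_file(name, header):
    """Return (status, detected_type); status is ok, mismatch or unknown."""
    ext = os.path.splitext(name)[1].lower()
    for magic, kind in SIGNATURES:
        if header.startswith(magic):
            return ("ok" if ext in EXPECTED_EXT[kind] else "mismatch"), kind
    # No known signature (plain text, for instance): nothing to compare against.
    return "unknown", None

def find_renamed(files):
    """files: iterable of (name, leading bytes). Return the mismatches."""
    hits = []
    for name, header in files:
        status, kind = check_file(name, header)
        if status == "mismatch":
            hits.append((name, kind, hex_preview(header)))
    return hits

# Constructed sample: names and leading bytes of files from an extraction.
SAMPLE = [
    ("holiday.jpg", b"\xff\xd8\xff\xe0\x00\x10JFIF"),
    ("notes.txt", b"\xff\xd8\xff\xe1\x00\x18Exif"),
    ("ringtone.mp3", b"PK\x03\x04\x14\x00\x00\x00"),
    ("memo.txt", b"Meeting at 10"),
]

if __name__ == "__main__":
    for name, kind, hexdump in find_renamed(SAMPLE):
        print(f"{name}: content is {kind} [{hexdump}]")
```

Files with no recognised signature are reported as unknown rather than flagged, since a missing signature says nothing about whether the extension is honest.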

