ROOTUsers%USERNAME%AppDataRoamingOxyForensicsPhonesīy renaming the OFB extension to ZIP, you can open up the compressed container to view the contents. The default storage path for these images are under This is necessary in order to conduct analysis with any other tool, otherwise you will only get files specifically created or known by Oxygen. Examiners who may want to analyze the data in other tools will want to check the box indicated below:ĭuring an acquisition, you will have an option to include the physical dump or backup with the extraction. These OFB files are simply compressed archives that can be renamed to ZIP and viewed like any other compressed container.ĭepending on the extraction type, Oxygen does not create a forensic image of the evidence like most other tools, they will extract the files and data they need to be presented in their tool. These are not forensic images, they are case files much like how Cellebrite uses UFD files or how AXIOM stores its case data in a SQLite database with an MFDB extension. Oxygen allows you to archive extraction and case data into OFB files. You can read the intro blog here which will also link to others in the series. As a continuation of our blog series around using multiple tools to be successful in your forensic investigations, this post is going to look at loading images from Oxygen into AXIOM.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |