OXYGEN FORENSICS CERTIFICATION ARCHIVE
ROOTUsers%USERNAME%DesktopSamsung SCH-i535 Galaxy S3 SCH-i535 Galaxy S3 (%GUID%) %DATETIME%.ofb Contents of OFB Archive Image typesįor physical images a raw/binary file gets created, these appear to be a single raw file (not segmented):
If you’ve chosen to archive the data to an OFB file, then the same structure exists with the image within the OFB archive, but it gets saved to where you choose to save the archive. Inside this folder there are entries for each device acquired and inside those device folders is a folder called “DeviceImage” which is where the actual image is stored. ROOTUsers%USERNAME%AppDataRoamingOxyForensicsPhonesīy renaming the OFB extension to ZIP, you can open up the compressed container to view the contents. The default storage path for these images are under This is necessary in order to conduct analysis with any other tool, otherwise you will only get files specifically created or known by Oxygen. Examiners who may want to analyze the data in other tools will want to check the box indicated below:ĭuring an acquisition, you will have an option to include the physical dump or backup with the extraction. These OFB files are simply compressed archives that can be renamed to ZIP and viewed like any other compressed container.ĭepending on the extraction type, Oxygen does not create a forensic image of the evidence like most other tools, they will extract the files and data they need to be presented in their tool. These are not forensic images, they are case files much like how Cellebrite uses UFD files or how AXIOM stores its case data in a SQLite database with an MFDB extension. Oxygen allows you to archive extraction and case data into OFB files. You can read the intro blog here which will also link to others in the series.
OXYGEN FORENSICS CERTIFICATION SERIES
As a continuation of our blog series around using multiple tools to be successful in your forensic investigations, this post is going to look at loading images from Oxygen into AXIOM.
0 kommentar(er)
