Hello,
I was curious to know what other people on Forensic Focus think on which software has the best extraction results for Social Media Apps.
So I use the UFED4PC, but I want to know which software could do a better job than UFED.
I want to know your comments on other software you lot have that has been effective for extracting most social media apps.
You can go a long way using Curl, IIRC it even supports inputting credentials.
Personally, I've used a programmable browser to save information from social media as text or by screenshotting it; it may not be for everyone, but it works for me and costs nothing.
(Another argument to get off the COTS wagon and learn to code).
Vesalius,
I am not sure if you are referring to Social Media evidence extraction solely from smartphones, but if you are also interested in extraction of Social Media evidence from workstations (laptop and desktop computers), then I recommend Magnet Forensics' Internet Evidence Finder / Axiom.
Another item to look at is SQLite database files as many Social Media applications store evidence of human activity in SQLite database files (both on smartphones and workstations).
Are you targeting smartphone based evidence or workstation based evidence (or cloud stored evidence)?
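One way to start on the SQLite files mentioned above, as an added example that is not part of the original post: it hashes a working copy, opens it read-only, and lists each table's row count and message-like columns. The sample database, the `triage` and `build_sample` helpers and the keyword list are constructed for illustration.

```python
import hashlib
import os
import sqlite3
from pathlib import Path

# Assumed column-name hints; real apps name their columns differently.
KEYWORDS = ("message", "chat", "body", "text")


def sha256_of(path):
    """Hash the file so any change to the working copy is detectable."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def triage(db_path):
    """List tables, row counts and message-like columns, read-only."""
    before = sha256_of(db_path)
    # A -wal file beside the database can hold rows not yet checkpointed.
    has_wal = os.path.exists(str(db_path) + "-wal")
    uri = Path(db_path).resolve().as_uri() + "?mode=ro"
    con = sqlite3.connect(uri, uri=True)
    tables = {}
    try:
        names = [r[0] for r in con.execute(
            "SELECT name FROM sqlite_master WHERE type='table'")]
        for name in names:
            quoted = '"' + name.replace('"', '""') + '"'
            cols = [c[1] for c in con.execute(f"PRAGMA table_info({quoted})")]
            rows = con.execute(f"SELECT COUNT(*) FROM {quoted}").fetchone()[0]
            hits = [c for c in cols if any(k in c.lower() for k in KEYWORDS)]
            tables[name] = {"rows": rows, "message_columns": hits}
    finally:
        con.close()
    return {"unchanged": sha256_of(db_path) == before,
            "has_wal": has_wal, "tables": tables}


def build_sample(path):
    """Constructed sample standing in for an extracted app database."""
    con = sqlite3.connect(path)
    con.execute("CREATE TABLE messages (id INTEGER, sender TEXT, body TEXT)")
    con.execute("CREATE TABLE contacts (id INTEGER, name TEXT)")
    con.executemany("INSERT INTO messages VALUES (?, ?, ?)",
                    [(1, "alice", "hi"), (2, "bob", "hello")])
    con.commit()
    con.close()
```

Run `triage()` on a copy of the database pulled from the extraction, never on the only copy, and keep any `-wal` and `-shm` files alongside it.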
This is really cool, currently checking out the CURL software, and will delve into it more. I personally work on Java and C++ at the moment, but how can I use this for mobile phone exploitation? So if I were to extract all social media messages within a phone I would be able to do this by writing scripts and such. Could you be kind enough to show me how it can improve my work as a digital forensic examiner, how I improve my workplace?
Some video links, tutorials etc. would be nice if you know of any?
Thanks.
Hey, sorry if I wasn't descriptive enough. So basically, so let's say I have a smartphone right.
My clients would like to be able to extract every single piece of evidence that's got to do with chat messages on any social media app on that phone, including voice recorded messages that were used to chat with.
So I would like to be able to extract them like UFED does, but UFED doesn't do a great job of extracting some social media apps on certain phones. For example, if a phone has Telegram, UFED hasn't got capabilities of extracting Telegram messages. For WhatsApp messages on the other hand, it does the messages, but not the audio messages sent.
I currently have MAGNET AXIOM, but that doesn't do mobile phone exploitation, instead it works on specific images. I still haven't tried using a UFED physical image of a phone in the AXIOM software, but I will do so, but I'm hopeless of that too, because if it doesn't extract it in the first place, who says Axiom will find / analyze it?
You can launch Curl from a more modern .NET language with command line arguments, and then parse the results back in, then extract the data you want from the saved file using string functions like RegExp or XML/JSON parsing capabilities.
In .NET there is a Browser control you can use like Browsercontrol.Navigate("
When I was younger I wrote security tools that accessed network services using a socket API (in wsock32.dll). In .NET there are two purpose-made classes, TcpClient and UdpClient; you can use these classes to access and interact with network services directly. Stuff like that really opens up an entire new world of possibilities, this is why I recommend Forensics practitioners to learn how to write code.
Hey Vesalius,
Sorry for the delayed response, just saw this. You can dump that UFED extraction right into IEF or AXIOM and see if it pulls what you need. We do support Telegram and WhatsApp (you specifically mentioned those) on both iOS and Android devices.
We will root certain Android phones and can get a full image of an already rooted or jailbroken Android or iOS device, but if you already have a good image from Cellebrite then certainly use it, and we don't have as many exploits as them as well.
I usually suggest getting the best image you can from any tool and then running that image across as many tools as you can for analysis. That way you'll get the best of everything, and no tool will support every app out there.
Anyway, feel free to reach out if you have any questions or trouble.
Jamie
jamie.mcquaid @ magnetforensics.com
Wow, got a reach out from Magnet themselves. Well, I have both IEF and Magnet, and they are both outstanding software, especially your latest Axiom. It's just that I thought if UFED Physical Analyzer doesn't show me the relevant social apps extraction that I'm looking for, then why would Magnet show me, but it seems like the image is shown differently from software to software.
Cheers anyways, gonna see if there is much of a difference between both pieces of software.
After many tests with various mobile forensic software, we use Oxygen Forensic Detective and UFED 4PC. Ask for a trial version and compare results.
Hello Vesalius,
Oxygen Forensic® Detective software is the best tool to extract and parse apps data. We use various methods to acquire apps from iOS, Android, Windows Phone and Blackberry devices. If the app data is encrypted (WhatsApp, Threema, Telegram, etc.) we are able to decrypt it. You can ask our helpdesk team for a demo version.