Social Media Extraction

Vesalius
(@vesalius)
Posts: 66
Estimable Member
Topic starter
 

Hello,

I was curious to know what other people on Forensic Focus think on which software has the best extraction results for Social Media Apps.

So I use the UFED4PC, but I want to know which software could do a better job than UFED.

I want to know your comments of other software you lot have that has been effective for extracting most social media apps.

 
Posted : 09/10/2016 1:47 pm
MDCR
(@mdcr)
Posts: 376
Reputable Member
 

You can go a long way using Curl, IIRC it even supports inputting credentials.

Personally, I've used a programmable browser to save information from social media as text or screenshotting it, may not be for everyone, but it works for me and costs nothing.

(Another argument to get off the COTS wagon and learn to code).

 
Posted : 10/10/2016 1:05 pm
UnallocatedClusters
(@unallocatedclusters)
Posts: 577
Honorable Member
 

Vesalius,

I am not sure if you are referring to Social Media evidence extraction solely from smartphones, but if you are also interested in extraction of Social Media evidence from workstations (laptop and desktop computers), then I recommend Magnet Forensics' Internet Evidence Finder / Axiom.

Another item to look at is SQLite database files as many Social Media applications store evidence of human activity in SQLite database files (both on smartphones and workstations).

Are you targeting smartphone based evidence or workstation based evidence (or cloud stored evidence)?

 
Posted : 10/10/2016 9:12 pm
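Added example, not part of any post in this thread: one way to follow the SQLite suggestion above when a commercial tool has not parsed an app. It walks an extraction folder, recognises SQLite databases by their file header rather than by extension, opens each one read-only, and reports row counts per table with a hash taken before and after. The `com.example.chat` folder, the `msgstore` file and its `messages` table are constructed sample data, not a real app's schema.

```python
import hashlib, sqlite3, tempfile
from pathlib import Path

SQLITE_MAGIC = b"SQLite format 3\x00"  # first 16 bytes of every SQLite 3 database file

def sha256_of(path):
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()

def find_sqlite_files(root):
    """Identify databases by header, since app stores often carry no .db extension."""
    def is_db(p):
        with open(p, "rb") as f:
            return f.read(16) == SQLITE_MAGIC
    return [p for p in sorted(Path(root).rglob("*")) if p.is_file() and is_db(p)]

def triage(db_path):
    """Open read-only, count rows per table, and confirm the file hash did not change."""
    before = sha256_of(db_path)
    # mode=ro refuses writes; immutable=1 also stops SQLite creating lock or journal files
    uri = Path(db_path).resolve().as_uri() + "?mode=ro&immutable=1"
    con = sqlite3.connect(uri, uri=True)
    try:
        tables = [r[0] for r in con.execute("SELECT name FROM sqlite_master WHERE type='table'")]
        counts = {t: con.execute('SELECT COUNT(*) FROM "%s"' % t.replace('"', '""')).fetchone()[0]
                  for t in tables}
    finally:
        con.close()
    return {"path": str(db_path), "sha256": before,
            "unchanged": sha256_of(db_path) == before, "tables": counts}

def build_sample(root):
    """Constructed sample: a made-up chat store without extension, plus a non-database file."""
    app = Path(root) / "data" / "com.example.chat"
    app.mkdir(parents=True)
    con = sqlite3.connect(app / "msgstore")
    con.execute("CREATE TABLE messages (id INTEGER PRIMARY KEY, sender TEXT, body TEXT)")
    con.executemany("INSERT INTO messages (sender, body) VALUES (?, ?)",
                    [("alice", "hi"), ("bob", "hello"), ("alice", "voice note")])
    con.commit(); con.close()
    (app / "prefs.xml").write_text("<map/>")

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        for db in find_sqlite_files(tmp):
            print(triage(db))
```

Because `immutable=1` tells SQLite to ignore a `-wal` sidecar file, rows not yet checkpointed into the main database are not counted; examine a working copy together with its WAL when those records matter.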
Vesalius
(@vesalius)
Posts: 66
Estimable Member
Topic starter
 

You can go a long way using Curl, IIRC it even supports inputting credentials.

Personally, I've used a programmable browser to save information from social media as text or screenshotting it, may not be for everyone, but it works for me and costs nothing.

(Another argument to get off the COTS wagon and learn to code).

This is really cool, currently checking out the CURL software, and will delve into it more, I personally work on Java and C++ at the moment, but how can I use this for mobile phone exploitation. So if I were to extract all Social media messages within a phone I would be able to do this by writing scripts and such, could you be kind enough to show me how it can improve my work as a digital forensic examiner, how I improve my workplace.

Some video links, tutorials etc. would be nice if you know of any?

Thanks.

 
Posted : 10/10/2016 11:21 pm
Vesalius
(@vesalius)
Posts: 66
Estimable Member
Topic starter
 

Vesalius,

I am not sure if you are referring to Social Media evidence extraction solely from smartphones, but if you are also interested in extraction of Social Media evidence from workstations (laptop and desktop computers), then I recommend Magnet Forensics' Internet Evidence Finder / Axiom.

Another item to look at is SQLite database files as many Social Media applications store evidence of human activity in SQLite database files (both on smartphones and workstations).

Are you targeting smartphone based evidence or workstation based evidence (or cloud stored evidence)?

Hey, sorry if I wasn't descriptive enough. So basically, so let's say I have a smartphone right.
My clients would like to be able to extract every single evidence that's got to do with chat messages on any social media app on that phone, including voice recorded messages that were used to chat with.

So I would like to be able to extract them like UFED does, but UFED doesn't do a great job of extracting some social media apps on certain phones. For example, if a phone has telegram. UFED hasn't got capabilities of extracting telegram messages. For whatsapp messages on the other hand, it does the messages, but not the audio messages sent.

I currently have MAGNET AXIOM, but that doesn't do mobile phone exploitation, instead it works on specific images. I still haven't tried using a UFED physical image of a phone in the AXIOM software, but I will do so, but I'm hopeless of that too, because if it doesn't extract it in the first place, who says Axiom will find / analyze it?

 
Posted : 10/10/2016 11:26 pm
MDCR
(@mdcr)
Posts: 376
Reputable Member
 

This is really cool, currently checking out the CURL software, and will delve into it more, I personally work on Java and C++ at the moment, but how can I use this for mobile phone exploitation. So if I were to extract all Social media messages within a phone I would be able to do this by writing scripts and such, could you be kind enough to show me how it can improve my work as a digital forensic examiner, how I improve my workplace.

Some video links, tutorials etc. would be nice if you know of any?

Thanks.

You can launch Curl from a more modern .NET language with command line arguments, and then parse the results back in, then extract the data you want from the saved file using string functions like RegExp or XML/JSON parsing capabilities.

In .NET there is a Browser control you can use like Browsercontrol.Navigate("www.site.com"), then access the data through the .documenttext (string) method and parse it from there. Advantage to using a browser control, is that you have more control over how the navigation works.

When I was younger I wrote security tools that accessed network services using a socket api (in wsock32.dll), in .NET there are two purpose made classes TCPClient and UDPClient, you can use these classes to access and interact with network services directly. Stuff like that really opens up an entire new world of possibilities, this is why I recommend Forensics practitioners to learn how to write code.

 
Posted : 11/10/2016 3:06 am
(@mcman)
Posts: 189
Estimable Member
 

Hey Vesalius,

Sorry for the delayed response, just saw this. You can dump that UFED extraction right into IEF or AXIOM and see if it pulls what you need. We do support Telegram and WhatsApp (you specifically mentioned those) on both iOS and Android devices.

We will root certain Android phones and can get a full image of an already rooted or jailbroken Android or iOS device but if you already have a good image from Cellebrite then certainly use it and we don't have as many exploits as them as well.

I usually suggest getting the best image you can from any tool and then run that image across as many tools as you can for analysis, that way you'll get the best of everything and no tool will support every app out there.

Anyway, feel free to reach out if you have any questions or trouble.

Jamie
jamie.mcquaid @ magnetforensics.com

 
Posted : 21/10/2016 8:29 pm
Vesalius
(@vesalius)
Posts: 66
Estimable Member
Topic starter
 

Hey Vesalius,

Sorry for the delayed response, just saw this. You can dump that UFED extraction right into IEF or AXIOM and see if it pulls what you need. We do support Telegram and WhatsApp (you specifically mentioned those) on both iOS and Android devices.

We will root certain Android phones and can get a full image of an already rooted or jailbroken Android or iOS device but if you already have a good image from Cellebrite then certainly use it and we don't have as many exploits as them as well.

I usually suggest getting the best image you can from any tool and then run that image across as many tools as you can for analysis, that way you'll get the best of everything and no tool will support every app out there.

Anyway, feel free to reach out if you have any questions or trouble.

Jamie
jamie.mcquaid @ magnetforensics.com

Wow, got a reach out from Magnet themselves, well I have both IEF and Magnet, and they are both outstanding softwares, especially your latest Axiom, it's just that I thought if UFED Physical Analyzer doesn't show me the relevant social apps extraction that I'm looking for, then why would Magnet show me, but it seems like the image is shown differently from software to software.

Cheers anyways, gonna see if there is much of a difference between both softwares.

 
Posted : 22/10/2016 12:40 pm
Mreza
(@mreza)
Posts: 84
Trusted Member
 

Hello,

I was curious to know what other people on Forensic Focus think on which software has the best extraction results for Social Media Apps.

So I use the UFED4PC, but I want to know which software could do a better job than UFED.

I want to know your comments of other software you lot have that has been effective for extracting most social media apps.

After many tests with various mobile forensic software, we use Oxygen Forensic Detective and UFED 4PC. Ask for trial version and compare results.

 
Posted : 22/10/2016 1:57 pm
OxygenForensics
(@oxygenforensics)
Posts: 143
Estimable Member
 

Hello Vesalius,

Oxygen Forensic® Detective software is the best tool to extract and parse apps data. We use various methods to acquire apps from iOS, Android, Windows Phone and Blackberry devices. If the app data is encrypted (WhatsApp, Threema, Telegram, etc) we are able to decrypt it. You can ask our helpdesk team for a demo version.

 
Posted : 28/10/2016 7:09 pm