Analysing Dating Apps Using Oxygen Forensic Detective

Hey everyone. It’s Ryan from your Oxygen Forensic Training team, and welcome back to another Oxycast Webinar. In this webinar, as you can see on screen, we are going to discuss dating apps. During this Oxycast, we will look at a brief history of dating applications, some pretty interesting statistics, some locations of where some forensic artifacts are found, and of course, show you how to create a forensic image and analyze some of the more popular dating applications using the Oxygen Forensic Detective.

Online dating has been around the internet for as long as most of us can probably remember. Over the years, the online dating market has drastically changed and leveraged the social media boom to reinvent its purpose and consumer outreach. From the emergence of Match.com in 1995 on through the years to 2012, where we see the beginnings of the most popular current applications such as Hinge and Tinder.

Now looking at the over 1500 online and application-based dating services, not only is finding a connection or even love, easier than it has ever been before, but the amount of digital forensic artifacts associated with these applications and data that’s been aggregated to fit the application’s purpose has grown exponentially.

When looking at the numbers alone, we see that as of 2022, there were over 366 million online dating service users with an estimate of over 440 million by 2027. Global revenue for dating applications was approximately $2.86 billion in 2022, and it is projected to grow substantially by 2027 as well. The top three most recognizable dating applications are Tinder, Match, and eHarmony. Tinder is currently the global market leader accruing over 64 million application stored downloads.

Let’s take a quick peek into operating system artifact locations. Each operating system has its own unique way of storing application based data and dating applications are no exception. While the location may be the same or similar, the naming conventions may be more than just a box of chocolates. As we see here, this is not by any means an all-inclusive list of where applications store data. This is just some of the locations between Apple and Android where we can find some of that unique application data.


Get The Latest DFIR News

Join the Forensic Focus newsletter for the best DFIR articles in your inbox every month.

Unsubscribe any time. We respect your privacy - read our privacy policy.


All right, so we’re going to get into extracting the data that we collected. In this particular instance, I used an iPhone eight as we see here, and I’m going to use the iOS agent extraction method. So, as we go along the next few screens, you’re just going to see a step by step process of how I went about extracting the data from the iOS agent. Then we’re going to jump right into Oxygen Forensic Detective and analyze the data that we collected.

Now that a successful connection has been made with the device. Now we’re going to get into preparing the device for data extraction. On this particular screen, we input our Apple ID and associated password, whether for our free Apple ID account, which is going to require an active internet connection on the device to use this method in order to authenticate the Apple ID and password, or if you’re enrolled in the Apple Developer Program, which doesn’t require an internet connection to authenticate this login method.

All right, we’re ready to go to begin the extraction of this device. So what I’m going to do is select this full extraction methodology, because what I want to do is pull as much data from this device as possible, but depending on the scope of your investigation, whatever your left and right limits may be, you may want to choose that selective extraction option, which is going to give you the opportunity to specifically select any application or data type or artifact that you’d like to pull from this device specifically, rather than collecting against the entirety of the device or the entirety of the data available on the device using this method.

All right, our extraction is complete, and now it’s calculating hashes, this going to be the next step. Then following this, we’re going to go ahead and be ready to import this directly into Oxygen Forensic Detective and begin our analysis. Once again, I want to take this opportunity to thank everyone for participating in this Oxycast webinar to discuss dating application analysis. While this isn’t a complete and entire look at the capabilities and the depth with which you can analyze application data, it can help give you an idea in your investigation for avenues to pursue throughout the course of that investigation.

For more information about Oxygen Forensic Detective and its analytical capabilities, contact us about available training opportunities and visit us on our website. In the meantime, scan this QR code for a free trial license and an opportunity for you to conduct some dating application analysis on your own.

Leave a Comment

Latest Articles