How To Use And Export Cloud Tokens With XRY

In this video, I’m going to show you how to download cloud tokens with XRY. This does require the XRY Cloud license to download them. You don’t get them without that license – as you can see here, I did obtain three cloud tokens, you can see the icons on the right for Facebook, Google and Instagram.

I’m going to click on ‘Finish,’ and this will bring up the case overview in XRY. And as you can see here, all three cloud tokens are empty.

If you go down to the lower left in XRY, you can see, if you click on that, you can open the case location. So you select ‘Open case location,’ click ‘OK,’ and this will bring up the actual location of where the extractions are. And you can see that these are empty. We don’t download them, because it may be beyond the scope of your search. Just remember, you need the XRY Cloud license and an internet connection to download them.

If I want to download the Facebook ones, first click on ‘Facebook.’ Here you can see a check next to the Facebook token.

Down here in the lower right, where it says ‘Open,’ you can click on that, select ‘Download,’ click ‘OK.’ You have to be connected to the internet. It starts a log file, and now you can select all categories; deselect all; and select one, or a combination of, categories.


Get The Latest DFIR News

Join the Forensic Focus newsletter for the best DFIR articles in your inbox every month.


Unsubscribe any time. We respect your privacy - read our privacy policy.

I’m going to go ahead and select all. Click ‘OK.’ That brings me to a date range, so I can set a date range by year; go to the month; and have an end date. I’m going to select all and click ‘OK.’ For the amount of data with Facebook, I do recommend a date range.

So now the extraction process starts with a log. Now you can see the items have been decoded. They are being added to the case. Now, be aware that there are different types of tokens, some are short-lived and some are long-lived. Some may last for 30-45 days, others hours.

An update; phone shut off and restarted; the user changing the password; and choosing to downgrade apps: those things probably will make these tokens invalid.

Now you can see I have downloaded data from the cloud. So now I’m going to open the case location, and you can see that there is data here with the Facebook token – 586 KB. I’m going to go download the other two cloud tokens in the same manner. I do prefer to download them individually.

Now that I have them all downloaded, I’m going to open up the case location – I’ll end up closing XRY, but I’m going to click ‘OK,’ ‘Open case location,’ and I’m going to double-click on ‘Open the cloud XRY case’ with XAMN. There. The case file is open.

Over on the far left, you can see the case info, where I can add information; in the middle, data sources. I can expand each one of these tokens and devices. I can actually click on ‘View all artifacts’ for an independent one and open it up from here. I can deselect all, select the Facebook cloud token, and see the content categories for that on the right.

I’m going to click ‘Messages’ and open up a Message tab and see the messages there.

Now I can see the messages from the cloud token here in the list view. I sort by time – oldest at the top – I can see this one has attachments, because it has the paper clip. I can see the map if I scroll down, I’m connected to the internet, or using offline maps if I’m not.

So I hope you enjoyed this video. Thank you, and stay safe.

Find out more at MSAB.com.

Leave a Comment

Latest Videos

Digital Forensics News Round-Up, February 21 2024 #digitalforensics #dfir

Forensic Focus 21st February 2024 6:19 pm

Alan Platt, Professional Services Consultant at MSAB, discusses his experience as a former UK police officer working in digital forensics. He talks about the different levels of digital forensics capabilities within police forces and how MSAB products like XAMN and XEC Director are used by frontline officers versus lab analysts. 

The discussion covers how MSAB partners with law enforcement to develop custom workflows for mobile device acquisitions that facilitate ISO compliance. Alan explains MSAB's managed service offering, where approved MSAB staff can remotely access a customer's XEC Director server to assist with software updates and troubleshooting. He emphasizes the strict data segregation policies enforced by customers to prevent MSAB from accessing any sensitive case data.

Looking ahead, Alan mentions MSAB's new CEO and hints at some exciting developments coming down the pipeline. He spotlights recent enhancements to XEC Director's speed and database functionality for managing large estates of networked Kiosks. Alan also plugs the new XEC Director training he created to help users fully leverage the platform's capabilities.

00:00 – Introduction to Alan Platt
07:00 – Training
12:00 – Workflows
17:20 – Ensuring a secure environment
19:45 – Customer training
20:35 – Helping customers comply with ISO accreditation
25:00 – Validation and verification
27:30 – ISO standards
30:00 – MSAB’s pipeline plans
32:40 – XEC Director 
43:45 – Privacy of user data

Alan Platt, Professional Services Consultant at MSAB, discusses his experience as a former UK police officer working in digital forensics. He talks about the different levels of digital forensics capabilities within police forces and how MSAB products like XAMN and XEC Director are used by frontline officers versus lab analysts.

The discussion covers how MSAB partners with law enforcement to develop custom workflows for mobile device acquisitions that facilitate ISO compliance. Alan explains MSAB's managed service offering, where approved MSAB staff can remotely access a customer's XEC Director server to assist with software updates and troubleshooting. He emphasizes the strict data segregation policies enforced by customers to prevent MSAB from accessing any sensitive case data.

Looking ahead, Alan mentions MSAB's new CEO and hints at some exciting developments coming down the pipeline. He spotlights recent enhancements to XEC Director's speed and database functionality for managing large estates of networked Kiosks. Alan also plugs the new XEC Director training he created to help users fully leverage the platform's capabilities.

00:00 – Introduction to Alan Platt
07:00 – Training
12:00 – Workflows
17:20 – Ensuring a secure environment
19:45 – Customer training
20:35 – Helping customers comply with ISO accreditation
25:00 – Validation and verification
27:30 – ISO standards
30:00 – MSAB’s pipeline plans
32:40 – XEC Director
43:45 – Privacy of user data

YouTube Video UCQajlJPesqmyWJDN52AZI4Q_ifoHVkjJtRc

How MSAB Is Managing The Digital Forensics Challenges Of Frontline Policing

Forensic Focus 21st February 2024 3:07 pm

Podcast Ep. 80 Recap: Empowering Law Enforcement With Nick Harvey From Cellebrite

Forensic Focus 20th February 2024 11:49 am

This error message is only visible to WordPress admins

Important: No API Key Entered.

Many features are not available without adding an API Key. Please go to the YouTube Feed settings page to add an API key after following these instructions.

Latest Articles