Hi, I’m Kevin Kyono. I’m a technical sales engineer with MSAB, and this is XRY and XAMN in 5. In addition to extracting data from devices, XRY has the ability to import your returns from search warrants and other legal processes. We currently support Google, Apple, Facebook, Instagram, and Snapchat. In their native format, these warrant returns may not be easily read. The provider only needs to provide you with the requested data. They don’t necessarily need to make this data easy to open and read.
XRY and XAMN can ingest these warrant returns and present the data in a format you’re familiar with. I’m going to show you two different ways you can import your warrant returns. You can use XRY, or you can use XAMN. First, I’m going to show you how to import your warrant returns using XRY.
So here in XRY, I can start a new empty case. I can open an existing case and add my returns to that case. But in this case, I’m going to start a new case. I’ll name my case “Warrant Returns,” designate a location to save it, and create case. From my empty case field, I can select “Extract” from the lower right corner. I’m going to type in this text box here. And from here, I could search for what type of warrant return I have. If it’s Instagram, I could start typing Instagram. And there’s your Instagram warrant return. For instance, if it’s Snapchat, I can start typing Snapchat and there’s my Snapchat warrant return.
But in this case, I’m going to use Google. There’s the Google warrant return, and I can click continue from here. Import has already chosen for me. Select Next, enter my file details and click Next, and from here, and we’re going to designate what type of format the warrant return is in. So I know it’s in a folder and that folder contains ZIP files within the folder. If I just select folder and point to the folder, it will automatically open up the ZIP files contained in that folder. So I will select folder; image type I’m going to leave blank; click Okay; find my search warrant returns; select the folder; and the process starts automatically.
The import process has completed and you see our extraction summary page. You see the file size is over 3.8 gigabytes. The number of artifacts extracted, device information, files and media, and a lot of location data as well. From our extraction summary page, I’m going to click “Open case overview” in the lower right corner. And you see now our case overview has our one import of the warrant return.
From here I’m going to click “Open case,” which is going to open this extraction in XAMN. You see how quickly that opens in XAMN. Now I’m going to show you how to import your warrant returns using XAMN. We’re going to click the Import tab in the upper left corner, select “Import warrant returns”; in this pop-up screen, we’re going to use the pull down menu to select our warrant returns, which is Google in this case. We’re going to point to where we have our warrants stored, and we’re going to select another one off our list. Once I click “okay,” the process starts.
For the sake of time, I’ve already imported all of the search warrant folders and added them to a case. And let’s take a look at the results. So in our investigative field, we see our categories and subcategories and how many artifacts we extracted out of that cloud account. So we have all of the contacts, device info, files and media, which are going to include your pictures, your videos, your documents, that location history. We have a lot of messages, including chats and emails and app data, including Google Maps, Google Search, and YouTube. The artifacts in parentheses are also deleted artifacts. So you can see, we extracted a lot of deleted artifacts as well. So that was the simple process of importing search warrant returns into your case. If you have any questions or comments about this process, you can contact myself or any of our other technical sales engineers, or you can contact our customer support at support at support at msab dot com. Thank you for your time.