MEGA is an encrypted cloud storage service that allows users to chat with other users, have group video and voice calls, backup photos and videos, and synchronize files. Users may do so between trusted devices or share them privately, on its official website. MEGA describes itself as “The Most Trusted, Best-Protected Cloud Storage” and emphasis is made on the services, security, and privacy.
Nevertheless, using the new version of Oxygen Forensic® Detective, investigators will be able to extract evidence from the MEGA cloud, while leaving no traces at all.
To initiate the extraction, update Oxygen Forensic® Detective to version 14.1, open the Oxygen Forensic® Cloud Extractor, and select MEGA from the list of supported cloud services.
What is needed?
The investigator will be asked to enter the user’s login, password, or token to authorize in the cloud. Tokens from both iOS and Android devices are supported, as well as those that were generated during authorization by login and password. Credentials or tokens can be imported from the “Accounts and passwords” section of Oxygen Forensic® Detective upon analyzing data from the suspect’s devices.
If 2FA protection is on, the investigator will be asked to enter either a backup code or a code from Google Authenticator to pass it.
What can be extracted?
As soon as the authorization information is verified, Oxygen Forensic® Cloud Extractor will proceed to extract data from the cloud. Investigators can gain access to the information about the account owner, their contacts, pending friend requests, stored files, shared and stored links, folders, attachments, private chats, group chats, and group chat members. Please note that the set of available data depends on its owner and may differ.