Wickr Me Extraction in Oxygen Forensic Detective

Wickr Me Messenger allows users to exchange end-to-end encrypted and content-expiring messages, as well as end-to-end encrypted video conference calls. Wickr Me was founded in 2012 by a group of security experts who wanted to implement new standards of data privacy that had been previously available only to military and intelligence operatives. All communications on Wickr Me are encrypted locally on each device with a new key generated for each new message, meaning that no one except Wickr Me users have the keys to decipher their content.

Oxygen Forensic® Detective has a long history of supporting data extraction from Wickr Me. Data parsing from Wickr Me was first added in version 9.2.1 in 2017. Since then, we have continuously updated our software, providing our customers with better and more comprehensive support of even the most secure services.

Using Oxygen Forensic® Detective v.14.1, investigators can extract data from Wickr Me using OxyAgent, our very own application designed for cases when an Android device cannot be connected to the investigator’s PC via usual methods or when physical data extraction is not supported. Before trying this method, make sure that the device under investigation fits the following criteria:

  • The device should be unlocked.
  • The device should be operated on Android 4.x or higher.
  • It should be possible to insert an SD card or an OTG-adapter into the device.
  • It should be possible to run third-party apps on the device.

Installing OxyAgent

To install OxyAgent, run Oxygen Forensic® Extractor from the Oxygen Forensic® Detective home screen, select the Android OxyAgent extraction of interest from the list of available Android data extraction types, and follow the instructions on the screen.

Extracting Data

As soon as OxyAgent has been downloaded on the device, proceed to the “Extract third party application data” to extract Wickr Me data. Please note that accessibility services have to be activated on the device in OxyAgent settings since Wickr Me does not have built-in data storage methods. The features of accessibility services are required for moving across the menu, scrolling pages, and collecting data.


Get The Latest DFIR News

Join the Forensic Focus newsletter for the best DFIR articles in your inbox every month.


Unsubscribe any time. We respect your privacy - read our privacy policy.

Running OxyAgent

Automatic message unblock and screenshot permission are turned off in the app by default. Since it is essential for data collection, OxyAgent turns these features on before data extraction is started and restores upon its completion.

With OxyAgent, investigators can extract account information, user’s contacts, private chats with attachments, rooms (group conversations) with attachments, saved files, links, and calls from Wickr Me application.

Note: The Expiration Timer in Wickr Me sets the lifespan of every message from 6 hours to 6 days; after this allotted time, the message will disappear from the device. The expired messages cannot be extracted via OxyAgent. To acquire them, investigators will have to use a physical extraction method. Also, performing Wickr Me extraction via OxyAgent or opening the Wickr Me application leads to the automatic deletion of expired messages.

Investigators can fine-tune data extraction from Wickr Me using additional settings, enabling the investigator to:

  • Save information about group participants.
  • Save profile pictures during extraction.
  • Save available attachments from chats.
  • Extract saved items from group chats.
  • Extract all private chats.
  • Extract all group chats.
  • Extract all messages.

We recommend using this feature when searching for specific data and time is of the essence. However, in other cases, it is always better to have a full scope of all available data.

To find out more about Wickr Me support in Oxygen Forensic® Detective, read one of our previous blog posts.

Leave a Comment

Latest Videos

Digital Forensics News Round-Up, February 21 2024 #digitalforensics #dfir

Forensic Focus 21st February 2024 6:19 pm

Alan Platt, Professional Services Consultant at MSAB, discusses his experience as a former UK police officer working in digital forensics. He talks about the different levels of digital forensics capabilities within police forces and how MSAB products like XAMN and XEC Director are used by frontline officers versus lab analysts. 

The discussion covers how MSAB partners with law enforcement to develop custom workflows for mobile device acquisitions that facilitate ISO compliance. Alan explains MSAB's managed service offering, where approved MSAB staff can remotely access a customer's XEC Director server to assist with software updates and troubleshooting. He emphasizes the strict data segregation policies enforced by customers to prevent MSAB from accessing any sensitive case data.

Looking ahead, Alan mentions MSAB's new CEO and hints at some exciting developments coming down the pipeline. He spotlights recent enhancements to XEC Director's speed and database functionality for managing large estates of networked Kiosks. Alan also plugs the new XEC Director training he created to help users fully leverage the platform's capabilities.

00:00 – Introduction to Alan Platt
07:00 – Training
12:00 – Workflows
17:20 – Ensuring a secure environment
19:45 – Customer training
20:35 – Helping customers comply with ISO accreditation
25:00 – Validation and verification
27:30 – ISO standards
30:00 – MSAB’s pipeline plans
32:40 – XEC Director 
43:45 – Privacy of user data

Alan Platt, Professional Services Consultant at MSAB, discusses his experience as a former UK police officer working in digital forensics. He talks about the different levels of digital forensics capabilities within police forces and how MSAB products like XAMN and XEC Director are used by frontline officers versus lab analysts.

The discussion covers how MSAB partners with law enforcement to develop custom workflows for mobile device acquisitions that facilitate ISO compliance. Alan explains MSAB's managed service offering, where approved MSAB staff can remotely access a customer's XEC Director server to assist with software updates and troubleshooting. He emphasizes the strict data segregation policies enforced by customers to prevent MSAB from accessing any sensitive case data.

Looking ahead, Alan mentions MSAB's new CEO and hints at some exciting developments coming down the pipeline. He spotlights recent enhancements to XEC Director's speed and database functionality for managing large estates of networked Kiosks. Alan also plugs the new XEC Director training he created to help users fully leverage the platform's capabilities.

00:00 – Introduction to Alan Platt
07:00 – Training
12:00 – Workflows
17:20 – Ensuring a secure environment
19:45 – Customer training
20:35 – Helping customers comply with ISO accreditation
25:00 – Validation and verification
27:30 – ISO standards
30:00 – MSAB’s pipeline plans
32:40 – XEC Director
43:45 – Privacy of user data

YouTube Video UCQajlJPesqmyWJDN52AZI4Q_ifoHVkjJtRc

How MSAB Is Managing The Digital Forensics Challenges Of Frontline Policing

Forensic Focus 21st February 2024 3:07 pm

Podcast Ep. 80 Recap: Empowering Law Enforcement With Nick Harvey From Cellebrite

Forensic Focus 20th February 2024 11:49 am

This error message is only visible to WordPress admins

Important: No API Key Entered.

Many features are not available without adding an API Key. Please go to the YouTube Feed settings page to add an API key after following these instructions.

Latest Articles