MOBILedit Cloud Forensic
With the rapid development and increased availability of mobile cloud computing, it is a logical step for us to provide enhanced capability for our customers to be able to investigate and extract data from clouds.
Cloud services are an easy way for app developers and software service providers to not only increase the amount of storage available for their end-users, yet also to provide cross-device and cross-platform integration for one account on many devices.
There are two options for how to use MOBILedit Cloud Forensic:
To be able to use this feature, it is necessary to have a computer connected to the internet.
Since the release of MOBILedit Forensic 9.4, support for new Clouds or their updates can be released via Live Updates. Therefore, you need to install the Cloud package if you have a valid MOBILedit Cloud Forensic license and want to use it either as an integration to MOBILedit Forensic PRO or ULTRA or as standalone software.
You can download or import the Cloud package using the "Check for updates" button as usual for other packages.
There is usually cached cloud data available on an examined device, however, being able to extract data directly from the cloud service is much more beneficial.
Our cloud extractor gives investigators the ability to access and extract data from some of the most popular cloud services, with the following clouds currently supported:
Name | Platform | Support of 2FA | What data can be extracted |
|---|---|---|---|
Blinkit | Android (rooted) / iOS / Credentials | Yes | Profile, accounts, order history, addresses |
Box | Android (rooted) / iOS / Credentials | Yes | Files, Image files, Documents, Audio files, Video files |
Dropbox | Android (rooted) / Credentials | Yes | Files, Image files, Documents, Audio files, Video files |
FTP | Credentials | No | Files, Images, Documents, Audio files, Video files |
Android (rooted) / iOS / Credentials | Yes | Contacts, Messages, Notifications | |
Facebook Messenger | Android (rooted) / iOS / Credentials | Yes | Contacts, Messages |
Google Cloud (Drive, Contacts, Calendar, Keep, Maps Timeline) | Android (rooted) / Credentials | Yes | Contacts, Organizer, Files, Image files, Documents, Audio files, Video files, Locations |
IMAP | Credentials | No | Messages |
Android (rooted) / iOS / Credentials | Yes | Contacts, Messages | |
Android (rooted) / Credentials | No | Contacts, Messages | |
Microsoft OneDrive, OneNote | Android (rooted) / iOS / Credentials | Yes | Organizer, Files, Image files, Documents, Audio files, Video files |
Microsoft Teams | Android (rooted) / iOS / Credentials | Yes | Contacts, Messages |
POP3 | Credentials | No | Messages |
Rapido | Android (rooted) / iOS / Credentials | Yes | GPS Locations, Account details and Contacts |
Skype | Android (rooted) / Credentials | No | Contacts, Messages, Calls |
Slack | Credentials | Yes | Contacts, Messages |
X (Twitter) | Android (rooted) / Credentials | Yes | Contacts, Messages, Notifications |
The analysis report shows information about cloud user account.
MOBILedit Cloud Forensic currently supports cloud data acquisition where the user has directly signed up and created an account with one of the supported services. For example, the user has signed up for an account directly with Instagram using an email and password.
If the user of the cloud account has signed up for one of the supported cloud services using a third-party platform, such as using a Facebook account to sign up for Instagram, we would be able to access the Facebook data yet, not the Instagram data.