MOBILedit Cloud Forensic
With the rapid development and increased availability of mobile cloud computing, it is a logical step for us to provide enhanced capability for our customers to be able to investigate and extract data from clouds.
Cloud services are an easy way for app developers and software service providers to not only increase the amount of storage available for their end-users, yet also to provide cross-device and cross-platform integration for one account on many devices.
There are two options for how to use MOBILedit Cloud Forensic:
To be able to use this feature, it is necessary to have a computer connected to the internet.
There is usually cached cloud data available on an examined device, however, being able to extract data directly from the cloud service is much more beneficial.
Our cloud extractor gives investigators the ability to access and extract data from some of the most popular cloud services, with the following clouds currently supported:
Name | Platform | Support of 2FA | What data can be extracted |
|---|---|---|---|
Box | Android (rooted) / iOS / Credentials | Yes | Image files, audio files, video files, documents, files |
Booking.com | Android (rooted) / iOS / Credentials | No | Messages, locations |
Dropbox | Android (rooted) / Credentials | Yes | Image files, audio files, video files, documents, files |
Android (rooted) / iOS / Credentials | Yes | Contacts, messages | |
Facebook Messenger | Android (rooted) / iOS / Credentials | Yes | Contacts, messages |
Google Cloud (Drive, Contacts, Calendar, Keep, Timeline) | Android (rooted) / Credentials | Yes | Contacts, organizer, files, image files, documents, audio files, video files |
Android (rooted) / Credentials | No | Accounts, contacts, messages | |
Android (rooted) / iOS / Credentials | Yes | Contacts, messages | |
Microsoft Onedrive | Android (rooted) / iOS / Credentials | Yes | Image files, audio files, video files, documents, files |
Microsoft Teams | Android (rooted) / iOS / Credentials | Yes | Files, images, documents, audio, video |
Slack | Credentials | Yes | Account, contacts, messages, |
Skype | Android (rooted) / Credentials | No | Contacts, messages, call logs |
Android (rooted) / Credentials | Yes | Accounts, contacts, messages, notifications | |
FTP | Credentials | No | Files, images, documents, audio, video |
IMAP | Credentials | No | Messages |
POP3 | Credentials | No | Messages |
MOBILedit Cloud Forensic currently supports cloud data acquisition where the user has directly signed up and created an account with one of the supported services. For example, the user has signed up for an account directly with Instagram using an email and password.
If the user of the cloud account has signed up for one of the supported cloud services using a third-party platform, such as using a Facebook account to sign up for Instagram, we would be able to access the Facebook data yet, not the Instagram data.