In order to aid companies in preventing and investigating data leaks and other corporate incidents, we have developed remote data extraction from mobile devices.
Starting with Oxygen Corporate Explorer v.1.1, users can remotely extract data from corporate mobile devices with Android versions 4.1 to 13. This can be done via the Agent Management Center, which also enables data collection from remote endpoints, PCs, and laptops operating within the same network.
The following is required for successful data extraction:
- The main PC on which the Agent Management Center is installed. It is used to remotely extract data from various devices.
- A Windows endpoint that is added to the Agent Management Center.
- A corporate mobile device that is connected to the endpoint.
Although the device itself is connected via USB to a PC or a laptop during the data extraction process, the extraction is set up and initiated from the Agent Management Center via a remote PC, which can be located anywhere in the world. This is why the method is called “remote data extraction.”
The Remote Extraction Process Step-by-Step
First, make sure that the endpoint to which the device of interest needs to be connected has been added to the Agent Management Center. The endpoint itself should be online, and the license has to be active.
Then, select “Endpoint” from the toolbar, navigate to “Remote Device Collector” at the bottom of the list, and click “Install Remote Device Collector.” As soon as Remote Device Collector is successfully installed, the Endpoint type will change from “Basic” to “Advanced.”
Before initiating data extraction from a mobile device, register it in the Agent Management Center. To do this, select “Request device registration” under the “Remote Device Collector” menu.
The Oxygen Forensic® Device Extractor window will then open on the PC to which the mobile device needs to be connected. In this window, the user will be asked to register the mobile device. The automatically detected device model and Hardware ID will be pasted into the “Device” field of the Oxygen Forensic® Device Extractor. Click “Register” to set the device name, and as soon as all necessary changes are applied, click “OK.”
The registered device will then appear in the “Endpoints” section of the Agent Management Center. The “Registered” status will be displayed next to it, and one license will be written off. Once this is done, an unlimited number of extractions can be performed on the registered device.
Please make sure you follow the instructions that appear on the screen to prepare the mobile device for data extraction.
As soon as everything is set, the user can proceed to running a remote data extraction task on the device. To do this, select the line with the device of interest in the “Endpoints” section and click “Run task” on the toolbar.
A window will open in which search profiles can be set and chosen. It is also possible to set a custom search task when looking for something specific. Select the relevant profile and click “Run” to initiate the remote data extraction from the registered device.
The Oxygen Forensic® Device Extractor window will open on the endpoint to which the device is connected. After the connection is established, Android Agent will be installed on the device. Grant the application all required permissions on the device, if requested, and click “Continue” to initiate the data extraction process.
The extraction results can either be saved on the endpoint from which the extraction has been initiated or imported into Oxygen Corporate Explorer. Android Agent can then be deleted from the device.
The following data can be extracted:
- Device information and settings;
- Media file information and metadata;
- Bluetooth-paired devices;
- Wi-Fi Access points;
- List of installed applications;
- Application files;
- APK files of installed applications;
- WhatsApp and WhatsApp Business media files;
- Dictionaries (available on devices with Android OS older than 6.0);
- Google Chrome browser data (available on devices with Android OS older than 6.0).