Remote Data Extraction from Mobile Devices with Oxygen Remote Explorer.

September 11, 2023

Users of Oxygen Remote Explorer, formerly known as Oxygen Corporate Explorer, can now remotely extract data from mobile devices. Follow the step by step to help aid in your investigation.

In order to aid companies in preventing and investigating data leaks and other corporate incidents, we have developed remote data extraction from mobile devices.

Starting with Oxygen Remote Explorer v.1.1, users can remotely extract data from corporate mobile devices with Android versions 4.1 to 13. This can be done via the Agent Management Center, which also enables data collection from remote endpoints, PCs, and laptops, operating within the same network.

The following is required for successful data extraction:

  • The main PC, to which the Agent Management Center is installed which is used to remotely extract data from various devices.
  • A Windows endpoint that is added to the Agent Management Center.
  • A corporate mobile device that is connected to the endpoint.

Although the device itself is connected via USB to a PC or a laptop during the data extraction process, the extraction itself is set and initiated from the Agent Management Center via a remote PC, which can be located anywhere in the world. This is why the method is called “remote data extraction.”

The Remote Extraction Process Step-by-Step

First, make sure that the endpoint, to which the device of interest needs to be connected, is added to the Agent Management Center. The endpoint itself should be online, and the license has to be active.

Screenshot of the Agent Management Center, in Oxygen Corporate Explorer, and viewing the endpoints that have been added

 

Then, select “Endpoint” from the toolbar, navigate to “Remote Device Collector” at the bottom of the list, and click “Install Remote Device Collector.” As soon as Remote Device Collector is successfully installed, the Endpoint type will change from “Basic” to “Advanced.”

 

Screenshot of the Agent Management Center, in Oxygen Corporate Explorer, right clicking to bring up a menu, to then hover over ”Remote Device Collector“, and then select “Install Remote Device Collector”

Before initiating data extraction from a mobile device, register it in the Agent Management Center. To do this, select “Request device registration” under the “Remote Device Collector” menu.

The Oxygen Forensic® Device Extractor window will then open on the PC, to which the mobile device needs to be connected. In the opened window, the user will be asked to register the mobile device. An automatically detected device model and Hardware ID will paste into the “Device” field of the Oxygen Forensic® Device Extractor. Click “Register” to set the device name, and as soon as all necessary changes are applied, click “OK.”

 

Screenshot of the Device Extractor window, in Oxygen Corporate Explorer, and registering a device and entering the name.

 

Then, the registered device will appear in the “Endpoints” section of the Agent Management Center. The “Registered” status  will be displayed next to it and one license will be written off. Once it is done, an unlimited number of extractions can be performed on the registered device.

Please make sure you follow the instructions that appear on the screen to prepare the mobile device for data extraction.

As soon as everything is set, user can proceed to running a remote data extraction task on the device. To do this, select the line with the device of interest from the “Endpoints” section and click “Run task” on the toolbar.

The window, from which search profiles can be set and chosen, will open. It is also possible to set a custom search task when looking for something specific. Select the relevant profile and click “Run” to initiate the remote data extraction from the registered device.

Screenshot of the Run task menu open in the Agent Management Center, in Oxygen Corporate Explorer

The Oxygen Forensic® Device Extractor window will open on the endpoint, to which the device is connected. After the connection is established, Android Agent will be installed on the device. Please grant the application all required permissions on the device, if requested, and click “Continue” to initiate the data extraction process.

Screenshot of the Android Agent being successfully added to an Android device and extracting and transferring data back to Oxygen Corporate Explorer

 

The extraction results can either be saved on the endpoint, from which the extraction has been initiated, or imported into Oxygen Remote Explorer. Android Agent can then be deleted from the device.

The following data can be extracted:

  • Device information and settings;
  • Accounts;
  • Contacts;
  • Calls;
  • Calendars;
  • SMS/MMS/RCS;
  • Documents;
  • Media file information and metadata;
  • Databases;
  • Bluetooth-paired devices;
  • Wi-Fi Access points;
  • List of installed applications;
  • Application files;
  • APK files of installed applications;
  • WhatsApp and WhatsApp Business media files;
  • Dictionaries (available on devices with Android OS older than 6.0 );
  • Google Chrome browser data (available on devices with Android OS older than 6.0 ).

Want to try this feature?

Update your Oxygen Remote Explorer to version 1.1 or contact us for a demo.

Schedule a Demo

Related Resources.

Check out similar resources.