There are cases when investigators cannot access the devices or clouds of the person under investigation but need to acquire data from an app. In such cases, a warrant is sent to the company of interest, asking them to share the app data which could be crucial to the investigation. If the request is approved, the data from the app of interest is sent as a warrant return.
Analyzing warrant returns can be problematic, as they are not standardized. In most cases, a warrant return is a zip archive with nested structures containing many files of various formats. At Oxygen Forensics, we have developed a solution enabling investigators to analyze and sort data from a warrant return effectively.
Facebook, Instagram, Snapchat, Twitter, and Google warrant returns can be imported in Oxygen Forensic® Detective. To import, locate the Warrant return section under Import on our Home page, and then select the service.
Below is the data that is included in a warranted return and thus can be analyzed using Oxygen Forensic® Detective.
Facebook and Instagram
- Account information
- List of contacts
- Messages
- Screenshots
Snapchat
- Information about the user account
- Login history
- Private chats, including sent and received media
- Group chats, including sent and received media
- User account information
- Account actions
- Devices
- Tweets
- Chats
