TikTok Analysis.

mayo 12, 2022

TikTok is a social media platform everyone around the globe has heard of.  It is a simple app that shows users short videos delivered through an algorithm tailored for each user. TikTok, released in 2016, had 1.7 billion users at the end of of 2023. The United States’ TikTok user count of 143.4 million is the highest among countries, followed by Indonesia, Brazil, Mexico, and Vietnam.

Social media platforms, like TikTok, that are free to download and install with over a billion users, but comes with obvious risks. To help our customers gain the upper hand, we created a powerful extractor and parser in Oxygen Forensic® Detective that offers the most comprehensive TikTok data extraction from mobile devices and the cloud in the industry.

What data can investigators extract from Tik Tok?

Investigators can extract various types of data from TikTok to aid in their investigations. Some of the key data that can be extracted include:

  • User Account Information:
    • Usernames and display names
    • Profile pictures
    • Bio information
    • Contact details (if provided)
    • Followers and following counts
    • Account creation date
  • Video Content:
    • Videos uploaded by users
    • Video titles and descriptions
    • Video timestamps (creation, upload, and last modified)
    • Video duration
    • Hashtags used in videos
    • Comments on videos
    • Likes, shares, and views counts
  • Metadata:
    • Geolocation data (if enabled)
    • Device information (device model, operating system)
    • IP addresses (from login sessions)
    • Timestamps (creation, upload, interaction)
  • User Interactions:
    • Following/follower relationships
    • Likes, shares, and comments on other users’ videos
    • Private messages and chats
    • Blocking and reporting activities
    • Engagement Metrics:
    • Engagement rates (likes, shares, comments)
    • Trends in user activity (peak times, frequency of posting)
    • Virality of content (videos going «viral»)
  • User Preferences:
    • Content preferences (based on liked videos, shared content)
    • Interaction patterns (types of interactions with other users)
    • Trending topics and challenges participated in
  • Account Settings:
    • Privacy settings (public, private)
    • Account security settings (two-factor authentication, password reset options)
    • Account activity history (login sessions, device history)
  • Deleted Content:
    • Recoverable data from deleted videos or messages (if not permanently removed)

TikTok support in Oxygen Forensic® Detective

TikTok cloud extraction

Users can extract TikTok cloud data by opening Cloud Extractor in the Oxygen Forensic® Detective home menu and select TikTok in the list of apps.

There are several ways to authorize a TikTok cloud account.

  • Username and password
  • Phone number
  • Token extracted from a mobile device

Screenshot of TikTok data extracted from the cloud within in Oxygen Forensic Detective

If an account is secured with two-factor authentication (2FA), the examiner may obtain an SMS code on the device or get the code on the account owner’s e-mail. It is also possible to extract data utilizing a proxy.

Alternatively, an examiner can import credentials or tokens from the Oxygen Forensic® Detective Accounts and Passwords section of a mobile device extraction by clicking on Extract with the Cloud Extractor button located on the toolbar.

Once authorized, investigators can proceed to extract data, such as:

  • user account information
  • contacts,
  • coins
  • login history
  • notifications
  • private messages
  • uploaded content
  • liked posts
  • comments
  • files

TikTok data extracted from the cloud within Oxygen Forensic Detective

TikTok extraction from mobile devices

TikTok extraction from mobile app

For TikTok mobile extraction Oxygen Forensic® Detective supports both iOS and Android apps. We recommend a physical extraction for Android devices and a full file system  extraction for Apple iOS devices.

Depending on the mobile OS, evidence set might include:

  • account information
  • activity history
  • cache
  • cookies
  • chats
  • contacts
  • comments
  • downloads
  • files
  • hashtags
  • logs
  • music
  • search
  • video

We recommend extracting data from both the app and the cloud since the datasets differ slightly.

For example, cookies and cache can only be extracted from a mobile device, whereas notifications and all liked posts are only available from the cloud because they are not stored locally on the device.

TikTok data extracted from a mobile device within Oxygen Forensic Detective

Interested in this feature?

Contact Us