Skip to main content

  • Social Media Forensics

Preserving user accounts offers a wealth of insights, unraveling behavioral patterns, and contextual nuances pivotal for informed analysis. By establishing an irrefutable chain of custody, the evidentiary weight of digital data is fortified, enhancing its value in legal proceedings.

  1. Data Authenticity: Forensic preservation ensures the originality and integrity of user interactions, safeguarding electronic evidence from tampering or alteration.

  2. Legal Compliance: By preserving user accounts, organizations adhere to legal standards, promoting transparency and accountability during digital investigations.

  3. Behavioral Insights: Preserved user accounts provide a comprehensive record of behaviors and conversations, offering valuable insights for understanding patterns and motives.

  4. Solid Evidentiary Foundation: Establishing a secure chain of custody through forensic preservation bolsters the credibility and admissibility of digital data in legal proceedings.

  5. Informed Decision-Making: Forensically preserved user accounts empower investigators to navigate social media complexities, enabling strategic analysis and confident decision-making.

Enhance Your E-Discovery Investigation with Valuable Insights from Social Media and Chat Messages

    The Social Media Sites We Support And The Types Of Data Can Be Searched And Extracted

    • FaceBook

      • Login and access logs: Facebook logs all login attempts and access to user accounts. These logs can reveal the IP address, time, and type of access (e.g., login, logout) for each event.
      • Profile information: Facebook profiles contain a wealth of information, including name, location, interests, education, and employment history. This information can be used to build a profile of the user and potentially identify them.
      • Messages: Facebook allows users to send and receive messages, which can contain valuable information about user activities, including communication with other users, sharing of files, and discussions about sensitive topics.
      • Posts and comments: Facebook posts and comments can reveal a user's interests, opinions, and social connections. Forensic analysis of these artifacts can provide valuable insights into the user's behavior and activities.
      • Friend lists: Facebook friend lists can reveal a user's social connections and potentially identify other users who may be involved in the user's activities.
      • Ads and ad targeting data: Facebook allows advertisers to target users based on demographic and interest data. Forensic analysis of ad targeting data can reveal valuable insights into the user's interests and potentially identify other users who share similar interests.

    • Instagram

      • Login and access logs: Instagram logs all login attempts and access to user accounts. These logs can reveal the IP address, time, and type of access (e.g., login, logout) for each event.
      • Profile information: Instagram profiles contain a wealth of information, including name, location, interests, and profile picture. This information can be used to build a profile of the user and potentially identify them.
      • Posts and comments: Instagram posts and comments can reveal a user's interests, opinions, and social connections. Forensic analysis of these artifacts can provide valuable insights into the user's behavior and activities.
      • Direct messages: Instagram allows users to send and receive direct messages, which can contain valuable information about user activities, including communication with other users, sharing of files, and discussions about sensitive topics.
      • Stories: Instagram allows users to post short-lived "stories" that can reveal a user's current activities, location, and social connections.
      • Followers and following lists: Instagram followers and following lists can reveal a user's social connections and potentially identify other users who may be involved in the user's activities.
      • Hashtags and search history: Instagram allows users to search for content using hashtags, and logs these searches. Forensic analysis of hashtag and search history data can reveal a user's interests, activities, and potentially sensitive information.

    • OneDrive

      • File metadata: Information about the files stored in the OneDrive account, including file names, creation and modification dates, file size, and file type.
      • Access logs: OneDrive provides access logs that show a record of all user activity in the account, including metadata such as the date and time of the activity, user ID, activity type, IP address, and details about the file involved.
      • Deleted files: OneDrive keeps a record of all files that have been deleted from the account, including metadata such as the file name, deletion date, and user ID.
      • Shared files: OneDrive allows users to share files with other users, and forensic analysis can reveal information about the files shared, including metadata such as the file name, user ID, and date and time of the share.
      • Version history: OneDrive allows users to store multiple versions of a file, and forensic analysis can reveal information about the different versions of a file, including metadata such as the version number, date and time of the version, and user ID.
      • Sync data: OneDrive can be configured to automatically sync files to local devices, and forensic analysis can reveal information about the sync activity, including metadata such as the date and time of the sync, user ID, and details about the files involved.

    • SharePoint

      • Site metadata: Information about the SharePoint sites that the user has access to, including site names, creation and modification dates, and site owners.
      • User activity logs: SharePoint provides activity logs that show a record of all user activity in the account, including metadata such as the date and time of the activity, user ID, activity type, and details about the item involved.
      • Document metadata: Information about the documents stored in the SharePoint account, including document names, creation and modification dates, document type, and document size.
      • Deleted documents: SharePoint keeps a record of all documents that have been deleted from the account, including metadata such as the document name, deletion date, and user ID.
      • Access permissions: SharePoint allows users to grant access permissions to other users, and forensic analysis can reveal information about the access permissions, including metadata such as the user ID, access level, and date and time of the permission grant.
      • Version history: SharePoint allows users to store multiple versions of a document, and forensic analysis can reveal information about the different versions of a document, including metadata such as the version number, date and time of the version, and user ID.
      • Site settings: SharePoint site settings contain information about the site's configuration, including metadata such as the site name, site owner, and site permissions.

    • DropBox

      • Login and access logs: Dropbox logs all login attempts and access to files. These logs can reveal the IP address, time, and type of access (e.g., read, write, delete) for each login or access event.
      • File metadata: File metadata in Dropbox can reveal information about when a file was created, last modified, and who modified it. This information can be used to determine if any unauthorized access or changes were made to files.
      • Deleted files: Dropbox stores deleted files in a hidden trash folder for 30 days. Forensic analysis of this folder can recover deleted files and determine if any malicious activity occurred.
      • File contents: Forensic analysis of the contents of files stored in Dropbox can reveal information about user activities, such as email addresses, passwords, and other sensitive data.
      • Shared links: Dropbox allows users to share files via shared links. Forensic analysis of shared links can reveal who accessed the files, when they accessed them, and what actions they performed on the files.
      • Third-party applications: Dropbox allows third-party applications to access user data. Forensic analysis can reveal which third-party applications were granted access, what data they accessed, and when they accessed it.

    • Google

      • Gmail: Email messages sent and received through the user's Gmail account, including metadata such as sender and recipient addresses, message content, and dates and times.
      • Google Drive: Files and folders stored on Google Drive, including metadata such as file names, creation and modification dates, and file sizes.
      • Google Calendar: Calendar data synced with Google Calendar, including metadata such as event details, dates, and times.
      • Google Contacts: Contact data synced with Google Contacts, including metadata such as contact names, phone numbers, email addresses, and other details.
      • Google Maps: Location data, search history, and other activity data collected by Google Maps, including metadata such as dates and times of activity.
      • Google Photos: Photos and videos stored in Google Photos, including metadata such as dates and locations of capture.
      • Google Voice: Call logs, voicemails, and text messages sent and received through Google Voice, including metadata such as caller and recipient phone numbers and dates and times of activity.
      • Google Search: Search history and other activity data collected by Google Search, including metadata such as search terms, dates and times of activity, and IP addresses.
      • Google Analytics: Website usage and other activity data collected by Google Analytics, including metadata such as dates and times of activity, IP addresses, and other information about the user's browsing behavior.

    • Mega

      • File uploads and downloads: Mega allows users to upload and download files to and from their accounts, and logs these activities. Forensic analysis of file upload and download data can reveal a user's file-sharing activities, including the types of files shared and potentially sensitive information.
      • File metadata: Mega files contain metadata, such as file names, sizes, and creation/modification dates. Forensic analysis of file metadata can reveal information about a user's file usage patterns and potentially identify other users who have shared or accessed the files.
      • Contact information: Mega users can create and manage contacts within the app, which can be analyzed to identify potential witnesses or accomplices.
      • Account creation and login history: Mega logs all account creation and login attempts, which can reveal information about a user's account usage patterns and potentially identify other users who have accessed the account.
      • Encryption keys: Mega encrypts user files using end-to-end encryption and user-controlled encryption keys. Forensic analysis of encryption keys can potentially reveal valuable information about a user's file sharing activities and any sensitive information contained within the files.

    • Teams

      • Communication history: Microsoft Teams logs all communications made by the user, including chat messages, audio and video calls, and file sharing activities. Forensic analysis of communication history data can reveal valuable insights into user activities, including discussions about sensitive topics and interactions with other users.
      • Meeting history: Microsoft Teams logs all meetings attended by the user, including meeting titles, start and end times, and other metadata. Forensic analysis of meeting history data can reveal information about a user's work schedule, meeting attendance patterns, and potentially sensitive information discussed during meetings.
      • User profile information: Microsoft Teams user profiles contain a range of information, including name, email address, and profile picture. This information can be used to build a profile of the user and potentially identify them.
      • Channel and group information: Microsoft Teams allows users to create and join channels and groups, which can contain valuable information about user activities and potentially sensitive information discussed within the channel or group.
      • Device information: Microsoft Teams logs information about the devices used to access the account, including device types, operating systems, and IP addresses. Forensic analysis of device information data can reveal information about a user's work environment and potentially identify other users who have accessed the account.
      • Access logs: Microsoft Teams logs all login attempts and access to user accounts. These logs can reveal the IP address, time, and type of access (e.g., login, logout) for each event.

    • iCloud

      • Device backups: Full or partial backups of the user's iOS or macOS devices, including data such as contacts, messages, call logs, photos, videos, and app data.
      • iCloud Drive: Files and folders stored on iCloud Drive, including metadata such as file names, creation and modification dates, and file sizes.
      • Photos and videos: Photos and videos stored in iCloud Photos, including metadata such as dates and locations of capture.
      • Contacts and calendars: Contact and calendar data synced with iCloud, including metadata such as contact names, phone numbers, email addresses, and event details.
      • Notes: Notes stored in the user's iCloud account, including metadata such as the note content, creation and modification dates, and tags.
      • Mail: Email messages sent and received through the user's iCloud email account, including metadata such as sender and recipient addresses, message content, and dates and times.
      • App data: Data stored in iCloud by third-party apps, including metadata such as app names, file names, and creation and modification dates.
      • iCloud Keychain: Stored usernames, passwords, and other sensitive data synced across the user's devices.