5 BEST Cloud Forensics & Social Media Extraction Tools

Data in the cloud (e.g. Google Drive, iTunes, webpages, social media sites) is constantly subject to change or deletion. Cloud forensics is therefore often described as taking a snapshot of the data at a given moment in time.

This makes it important to use proper cloud forensic software to collect and preserve this digital evidence.

Cloud forensics tools are especially important if you use them for law enforcement cases (criminal offences) or corporate crime investigations, e.g. checks into employee misconduct, data leaks, etc.

Cloud data can be very useful where evidence no longer resides on local storage, e.g. computers & mobile phones, due to deletion or overwriting.

Sub-disciplines of digital forensics include mobile forensics, memory forensics and many more.

What do I need to perform cloud forensics and social media extraction?

You will still need the following:

  • The correct login credentials and authentication token for the software to gain access to the account and begin cloud extraction.
  • A clean computer, preferably with a wired (stable) connection and enough storage space for the extracted cloud data.

What are the Best Cloud Forensics and Social Media Extraction Tools?

These are the five (5) cloud forensics and social media extraction tools that collect cloud data in a forensically sound manner for use as digital evidence in a court of law.

1. Oxygen Forensic® Cloud Extractor


Founded in 2000, Oxygen Forensics is a Russian company headquartered in Alexandria, Virginia, that provides mobile forensics capabilities to law enforcement, federal agencies and enterprises.

The digital forensic tool has had a built-in feature called Cloud Extractor since 2014, which acquires data from popular cloud storage and cloud email providers, including Gmail, Google Drive, OneDrive, iTunes, Facebook, Instagram, Twitter and many more.

With the extracted cloud data, Cloud Extractor provides additional analytic features, e.g. Timeline (data in a chronological manner), Social Links (frequently communicated parties) and Image Categorization (sorting of images using built-in AI).

Cloud Support & Features

  • Supports 100+ cloud services
  • Acquisition from Google, iCloud, Microsoft cloud services, popular SaaS offerings like Dropbox & Box and social media sites like Facebook, Instagram, etc.
  • Cloud access via various authorization methods, with support for 2FA and data decryption
  • Allows users to configure proxy settings for each cloud service

2. X1 Social Discovery


X1 Social Discovery is a case-centric workflow platform that enables users to correctly capture web content while maintaining data preservation and retaining metadata values.

The social media extraction tool collects and searches data from social networks and online web pages.

Unlike the traditional method of manually exporting webpages and taking screenshots, X1 Social Discovery collects the web data, lets users search and analyse it, and aggregates all of it into a single user interface.

Cloud Support & Features

  • Supports data types from Facebook, Instagram, Twitter, YouTube, Tumblr, LinkedIn, webpages, Gmail and many more
  • Reporting feature based on filter and data extraction
  • Data remains forensically sound throughout the cloud extraction process
  • Patented web page authentication

3. Magnet AXIOM: Cloud Forensics

Magnet AXIOM offers a comprehensive solution for lawfully recovering and analyzing cloud-based evidence in various ways from suspects, victims, witnesses, and publicly available cloud sources, e.g. social media and webpages.

The social media and cloud extraction tool allows users to extract, recover, analyze and report on their cloud evidence and open-source intelligence (OSINT) data in a single case interface.

Cloud Support & Features

  • Supports cloud extraction from 50+ cloud services
  • Ability to import Warrant Returns formats from Internet Service Providers (ISPs)
  • Supports ingestion of user-generated archive files from Facebook and Google (e.g. Google Takeout)
  • Access to cloud accounts via login credentials and 3rd party tokens and keychains

4. Cellebrite UFED Cloud


Since entering the mobile forensics industry in 2007, Cellebrite UFED has been the major player in this field for many years.

Cellebrite is an Israeli digital intelligence company focusing mainly on extracting data from mobile devices. The company has several offices across the world, including Washington, D.C., Germany and Singapore.

One of Cellebrite’s products, UFED Cloud, allows users to collect, preserve and analyze data from popular cloud services, social media, instant messaging apps, web pages and many more.

Cloud Support & Features

  • Supports 50+ popular cloud services and social media sites
  • Lawful access to time-sensitive online evidence using cloud forensics methodology
  • Ability to import extracted cloud data into the UFED Digital Intelligence platform for further review and analysis
  • Ability to visualise data in a unified format, e.g. timeline format and maps format

5. MSAB XRY Cloud


MSAB is a Swedish company that specialises in using forensic technology for mobile device examination and analysis. The company’s main product is XRY, its flagship mobile forensics software for extracting mobile data.

The company has a separate component product called XRY Cloud, which is used to perform cloud forensics. XRY Cloud can be used as a standalone tool or as part of the complete MSAB ecosystem suite of tools.

XRY Cloud offers two (2) modes of cloud extraction. First is the automatic mode, which requires the device to have online access to extract the app token, e.g. Facebook token. The second mode uses the usual login credentials (ID/password) and does not require the device’s presence.

Cloud Support & Features

  • Supports 50+ cloud services
  • Cloud extraction from WhatsApp, Snapchat, iCloud, Facebook, Google services, etc.
  • Use of Cloud Tokens to gain access if login credentials cannot be obtained
