In the digital age, there’s no doubt that digital devices play a significant role in investigations. That is why digital forensic examiners need access to tools that can help them extract data from these devices in a timely and efficient manner.
One such tool is Magnet GRAYKEY – a mobile device forensic tool that can provide same-day access, complete evidence control, and comprehensive data extraction for Android and iOS devices. GRAYKEY is already fast with gaining access and extracting encrypted or inaccessible data. But when you use GRAYKEY’s Category Extractions feature, they take a tool that is already fast at extracting data and combining it with the ability to extract critical artifacts even faster.
In this blog post, we will explore the benefits of GRAYKEY Category Extractions and how they can help law enforcement agencies save time and resources.
From Feedback To Features: Creating Category Extractions
Many of our customers said they needed the ability to only extract certain artifacts so they could either:
- Comply with limited search warrants,
- Comply with the needs of cooperating parties or,
- Access specific artifacts in time-sensitive cases.
And with that, Category Extractions were born. After success with iOS devices, we released Category Extractions for Android devices a month later.
How Do Category Extractions Work
Once GRAYKEY has accessed a device, the user can select Category Extractions from the GRAYKEY UI. GRAYKEY will then survey the content on the device, which typically takes 1-5 minutes (depending on how much data is stored on the device). After completing the survey, the user can select or deselect the data categories they want to extract. Investigators can identify key areas of interest before extracting data, saving significant time and resources.
By selecting specific artifact types, examiners and investigators can limit their search purview to data that is relevant to their investigation. When you can access the specific artifacts, you are looking for, it can help save you time and make your workflow more efficient.
When To Use Category Extractions?
No matter what type of case you are investigating, Category Extractions can be helpful. We have outlined some use cases below, and this isn’t an extensive list of when or how you could use Category Extractions.
Limited Search Warrant
You are investigating a narcotics case. Based on the circumstances, you have a limited search warrant that only allows communication data, multimedia, and location information. With Category Extractions, you could select those artifact types to remain compliant with the search warrant.
Consent Based Extractions
A device owner has provided consent for their device to be extracted. However, they only grant you access to certain artifact types. You can extract communication data but not email. Or you can extract internet history but not multimedia files. Now, you can comply with their requests. Check out our Best Practices for Examining Consent Devices blog.
Prioritize To Be Faster
You are investigating a kidnapping case. You have the victim’s device, and time is limited. Instead of having to wait and extract the entire contents of the device, you can strategically select certain artifacts where you want to focus your analysis. And if you are using Magnet ARTIFACT IQ to conduct analysis, you can begin analyzing those artifacts as GRAYKEY is extracting them. Prioritizing which artifacts you want to extract can save you significant amounts of time. And you can always extract a full file system later when time isn’t as crucial.
Transform You Investigations with Category Extractions
Category Extractions allow you to comply with limited warrants and consent-based extractions and save valuable time. It’s an important feature that gives you even more flexibility when conducting your mobile device investigations.
If you’re a GRAYKEY customer and want to learn more about Category Extractions, watch this demo in the Investigator’s Corner.
Interested in learning more about GRAYKEY? Contact us today.