Extracting Spark Data in Oxygen Forensic® Detective

At Oxygen Forensics, we are dedicated to providing our customers with the best solution on the market. We care about our customers and consider every piece of feedback we receive. In the latest version of our flagship solution, Oxygen Forensic® Detective v.14.2, we have added support for the Spark app on macOS, iOS, and Android, in response to a user request.

What is Spark?

Spark is an email application for iOS, macOS, and Android devices by Readdle. It is an email-managing app that lets its users handle an inbox together with multiple people, assign emails just like tasks, set deadlines, and track progress. It has a Smart Inbox function that automatically categorizes and filters incoming mail. It integrates with Dropbox, Box, Evernote, Pocket, Google Drive, and OneDrive for attachments and saving files.

PC

Spark does not have any Windows or Linux app and therefore can only be extracted from macOS PCs. To start the extraction, launch Oxygen Forensic® KeyScout on the target PC. If only Spark data is of interest, customize the search settings by opening the Applications tab. Click the checkbox next to the Source column to uncheck all apps, and then click  the box next to the Spark application to select it.

As soon as all evidence is collected, an investigator can proceed to examining it. It should be noted that some of our competitors support the extraction of Spark data but none can get access to as much data as Oxygen Forensic® Detective. Here is what our software can extract from a Spark app on macOS:

  • User accounts
  • Contacts
  • Teams
  • Mail
  • Comments
  • Attachments
  • Calendar
  • Cache

Mobile

Both iOS and Android Spark apps are supported in Oxygen Forensic® Detective. The app data is included in Android backup and thus can be extracted via regular logical acquisition. A user of Oxygen Forensic® Detective can get access to the following Spark data after acquiring an Android device:

  • User account information – containing user ID, email address, full name, and photo URL
  • Contacts – including full names, email addresses, user IDs, timestamps of contact creation, and latest update
  • Folders – including names, parent folders, the number of unread mails, and synchronization timestamps
  • Mail – including  timestamps, subject, to and from fields, information about CC and BCC, the contents of the mail, reply information, attachments and their size, MIME-type, and message ID
  • Cache – containing images and their size
  • Logs and other data – including names of files

More Spark data can be extracted from iOS devices, particularly the data related to the account owner, such as their phone number, mail, and SMTP servers, and the currently used account. Nevertheless, by and large the set of extractable data remains virtually the same.

Data extracted from an Android device
Data extracted from an iOS device

Interested in trying our new Spark extraction feature? Update your Oxygen Forensic® Detective to version 14.3 and contact us for a free software demo!

Leave a Reply

Your email address will not be published. Required fields are marked *