XRY is a mobile forensics tool that allows investigators to extract a wide variety of data from mobile devices. XRY software requires a PC using a Windows operating system. XRY software works on smartphones such as iPhones and Galaxy devices and other mobile devices such as tablets, GPS devices and others. The XRY allows the investigator to conduct both physical and logical acquisition of memory on the device by connecting it to a computer with the installed software. XRY can extract a variety of data from mobile devices such as text messages, user data, call logs, image files, application data and much more.
XRY is capable of extracting subscriber identity module (SIM) data from the device. Many modern devices use the nanoSIM as well as an eSIM which is built into the device. XRY is capable of extracting the sensitive data that is stored on these SIM variations which includes contacts, cellular data such as GSM and CDMA. This type of information can help investigators draw associations between the devices and other incidents and threat actors to gather valuable intelligence.
The XRY software is marketed as being able to decrypt hard to access data such as that which is stored in iCloud. The manufacturer states that XRY is capable of decrypting iCloud Backups and other cloud data stored on modern smartphones. This is one of the more complex features that XRY offers as Apple and Android data is notoriously difficult to decrypt. However, XRY is routinely used by law enforcement and government organizations which validate its functions.
XRY is also capable of retrieving deleted files on a mobile devices such as images, documents, GPS records and others. This information cab be highly valuable as criminals and enemy combatants may attempt to delete or wipe data from their devices. Investigators can then extract these deleted files and use them for later analysis. All of the aforementioned functions of XRY are able to be exported into an easy to understand report for presentations.