±Forensic Focus Partners

Become an advertising partner

±Your Account


Username
Password

Forgotten password/username?

Site Members:

New Today: 0 Overall: 32893
New Yesterday: 9 Visitors: 175

±Follow Forensic Focus

Forensic Focus Facebook PageForensic Focus on TwitterForensic Focus LinkedIn GroupForensic Focus YouTube Channel

RSS feeds: News Forums Articles

±Latest Articles

RSS Feed Widget

±Latest Webinars

Decryption of WhatsApp

Discussion of forensic issues related to all types of mobile phones and underlying technologies (GSM, GPRS, UMTS/3G, HSDPA, LTE, Bluetooth etc.)
Subforums: Mobile Telephone Case Law
Reply to topicReply to topic Printer Friendly Page
Forum FAQSearchView unanswered posts
Go to page 1, 2  Next 
  

Decryption of WhatsApp

Post Posted: Thu Oct 31, 2013 12:59 pm

I have a Micro SD from a Blackberry containing encrypted WhatsApp message stores/db files.

Until recent times, the only way of obtaining the contents, is to view the Chats through the Handset with the Memory Card inserted and capture via a manual... painful task but does the job.

I know there was a new release in August of Cellebrite PA which cracked the decryption of the db files via completing a file system & physical extraction of the device; then using the 'open advanced' feature on PA to eventually obtain the chats.

I don't seem to be having much luck with this method, all data is decoded however no WhatsApp contents...

Any other ideas/assistance is appreciated.

Thanks in advance,

Dan  

DCS1094
Senior Member
 
 
  

Re: Decryption of WhatsApp

Post Posted: Thu Oct 31, 2013 2:30 pm

So besides the Micro SD you also have a extraction of the Blackberry?
Send you a pm for some more info.

BTW Have a look at www.slideshare.net/and...-forensics  

kbertens
Senior Member
 
 
  

Re: Decryption of WhatsApp

Post Posted: Thu Oct 31, 2013 3:41 pm

Yes.

Cheers

Dan  

DCS1094
Senior Member
 
 
  

Re: Decryption of WhatsApp

Post Posted: Thu Oct 31, 2013 3:44 pm

Oxygen Forensic Suite support WhatsApp decryption.
_________________
Computer, Cell Phone & Chip-Off Forensics

linkedin.com/in/igormikhaylovcf 

Igor_Michailov
Senior Member
 
 
  

Re: Decryption of WhatsApp

Post Posted: Thu Oct 31, 2013 7:18 pm

Please use the UFED version that was released this week, there was a fix exactly for this.

Ron Serber  

RonS
Senior Member
 
 
  

Re: Decryption of WhatsApp

Post Posted: Thu Oct 31, 2013 9:49 pm

Thanks for this guys. Will be sure to check both out when next in the lab.  

DCS1094
Senior Member
 
 
  

Re: Decryption of WhatsApp

Post Posted: Thu Nov 07, 2013 2:59 am

I just decrypted one whatsapp db from an unrooted android device, the process is simple...these are the tools I used:

1. sch3m4.github.io/wforensic/ -> used for decryption and merging db files
2. blog.digital-forensics...nsics.html -> used for printing those decrypted db into printable form, so you won't need to look it using sqldb viewer or stuff like that.

good luck.  

jtingkir
Member
 
 

Page 1 of 2
Go to page 1, 2  Next