Forensic guide to WhatsApp data acquisition

By: Olga Koksharova
Submitted 2020-07-31 05:15:25

Instant messaging apps have become the de facto standard of real-time, text-based communications. The acquisition of instant messaging chats and communication histories can be extremely important for an investigation. In this article, we compare the five top instant messaging apps for iOS in the context of their forensic analysis.


Speaking of iOS, there are several methods of acquiring communications going through an instant messaging app. The MITM (man-in-the-middle) attack is practically out of the question for most modern instant messaging apps; if there are exceptions, we aren't aware of those. Even on Android devices, a MITM attack would require installing a third-party SSL certificate, and even that may not work for some instant messengers.

The ability to obtain communication histories from the vendor is a great tool in the hands of law enforcement. The policies of different vendors vary greatly, from near-instant full disclosure to flat non-disclosure, with stops in between.

Cloud extraction may be possible from several sources, which include iCloud synchronized data (including end-to-end encrypted data), iCloud backups and stand-alone backups in iCloud Drive. It's up to the vendor to decide where and how to store the data; more on that later.

Finally, the data can be extracted from the iPhone device itself. For some messaging apps, logical extraction via iTunes-style backups is enough, while some other messengers don't store anything in local backups. Imaging the file system (and, in some cases, decrypting the keychain) is always enough to gain full access to conversation histories.

Let us see the extraction options available for the top instant messaging app, WhatsApp.

Today, WhatsApp is one of the most popular (if not the most popular) instant messaging tools worldwide. While WhatsApp communication is based on the Signal protocol employing end-to-end encryption, that fact alone does not make WhatsApp any more secure than other messaging apps, as WhatsApp keeps a backup of its conversation histories, making them easily accessible with several acquisition techniques.

LEGAL REQUESTS: WhatsApp does not store conversation histories on its servers. As a result, only pending (undelivered) messages can be obtained with a legal request.

VENDOR CLOUD: Facebook does not keep WhatsApp conversations on its servers, and cloud acquisition is not generally possible, with one exception. Undelivered (pending) messages are still stored on the server, and can be downloaded with forensic software by authenticating as a new WhatsApp client.

LOCAL BACKUPS: More often than not, WhatsApp communication histories show up in both local and cloud iOS backups (there are exceptions).

ICLOUD BACKUPS: Same as above. More often than not, WhatsApp conversation histories can be extracted from iCloud backups.

ICLOUD DRIVE: WhatsApp has an option to save stand-alone, proprietary backups in iCloud Drive. While these backups can be easily downloaded, they are protected with end-to-end encryption. As a result, one must authenticate as a WhatsApp client in order to decrypt the backup (e.g. using Elcomsoft Explorer for WhatsApp). This requires access to the user's registered WhatsApp number.

FILE SYSTEM: WhatsApp does not apply any additional protection to its working database. Once a file system image is captured from the iPhone, extracting and analyzing WhatsApp conversations is straightforward.
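
Why the file system route is straightforward, shown as an added example (not code from the article or from Elcomsoft): the working database is plain SQLite, so standard tooling can read it once the file is in hand. The file name ChatStorage.sqlite and the table and column names follow the publicly documented iOS layout and are assumptions here that may differ between app versions; all sample rows are constructed.

```python
import sqlite3
from datetime import datetime, timedelta, timezone

# Core Data timestamps count seconds from 2001-01-01 00:00:00 UTC.
APPLE_EPOCH = datetime(2001, 1, 1, tzinfo=timezone.utc)

def build_sample_db():
    """Constructed stand-in for ChatStorage.sqlite (assumed schema subset)."""
    con = sqlite3.connect(":memory:")
    con.executescript("""
        CREATE TABLE ZWACHATSESSION (Z_PK INTEGER PRIMARY KEY,
            ZCONTACTJID TEXT, ZPARTNERNAME TEXT);
        CREATE TABLE ZWAMESSAGE (Z_PK INTEGER PRIMARY KEY, ZCHATSESSION INTEGER,
            ZISFROMME INTEGER, ZMESSAGEDATE REAL, ZTEXT TEXT);
        INSERT INTO ZWACHATSESSION VALUES
            (1, '15550100@s.whatsapp.net', 'Sample Contact');
        INSERT INTO ZWAMESSAGE VALUES
            (1, 1, 0, 617880000.0, 'constructed inbound message'),
            (2, 1, 1, 617880060.5, 'constructed reply'),
            (3, 1, 0, 617880120.0, NULL);  -- constructed row with no text body
    """)
    return con

def read_messages(con):
    """Return messages in time order with UTC timestamps and direction."""
    rows = con.execute("""
        SELECT s.ZCONTACTJID, s.ZPARTNERNAME, m.ZISFROMME, m.ZMESSAGEDATE, m.ZTEXT
        FROM ZWAMESSAGE m JOIN ZWACHATSESSION s ON s.Z_PK = m.ZCHATSESSION
        ORDER BY m.ZMESSAGEDATE
    """)
    return [{
        "chat": jid,
        "partner": name,
        "direction": "sent" if from_me else "received",
        "utc": (APPLE_EPOCH + timedelta(seconds=ts)).isoformat(),
        "text": text if text is not None else "<no text body>",
    } for jid, name, from_me, ts, text in rows]

if __name__ == "__main__":
    # On real evidence, work on a hashed copy and open it read-only:
    #   sqlite3.connect("file:ChatStorage.sqlite?mode=ro", uri=True)
    for msg in read_messages(build_sample_db()):
        print(msg["utc"], msg["direction"], msg["chat"], msg["text"])
```
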


The acquisition of the user's WhatsApp communications is easier than average. WhatsApp conversations can be extracted from nearly every available source including local and cloud backups.

Tools required: Elcomsoft iOS Forensic Toolkit and Elcomsoft Phone Viewer; or Elcomsoft Explorer for WhatsApp.

Elcomsoft Explorer for WhatsApp is a tool to download, decrypt and display WhatsApp communication histories. It automatically acquires WhatsApp databases from one or multiple sources, processes information and displays contacts, messages, call history and pictures sent and received. The built-in viewer offers convenient searching and filtering, and allows viewing multiple WhatsApp databases extracted from various sources. Visit to find more information about Elcomsoft Explorer for WhatsApp and try it for free.

Author Resource: Olga Koksharova is involved in security research related to mobile forensics. In recent years, Olga has been busy researching security trends in the world of mobile forensics. Olga is an expert in cryptography and IT security.

Article From Larry L Miller Article Directory
