(this text is a work in process)

Overview


 

Description

WhatsApp became the main program used to communicate with each other, and with criminals are not so different . A lot of evidences can be found in the whatsapp messages. So, if you want to solve crimes, be able to extract, decrypt and create a good report of the whatsapp messages is fundamental.

The very begginning

Originally, Forensic Tools (FT) was developed with the only purpose to extract whatsapp data, but a lot of libraries were developed and tested. Some proof of concepts were made, such as Android USB (and Bluetooth) Data Extraction.

 

 
Extracts Android data through USB or Bluetooth

Now Forensic tools is able not only to extract whatsapp data in ALL* Android versions (yes, even after 6!) of Android, but even restore deleted messages and view all the thumbnails representing the images, movies or documents sent !

A lot of research was made about whatsapp database schema, cryptographic process and Android internals and security.

*in Android 3 and previous, the adb backup command wasn't part of adbd server.

Reports

The reports are created based on FreMarker template files, so with some effort will be possible to translate to any language and even change any characteristics.

 

 
Report page. On the left the chat list and on the right samples of thumbnails acquired 

The future

With all this in mind Forensic Desk is in process of development.

Forensic Desk will be a complete tool to Unlock, extract data and make reports as fast as possible.