About Me

I am Not A....● Teacher● Trainer● Hacker

● .........I am An IT Security Analyst ........

Todays Entertainment

WhatsApp Forensic

Introduction

Steps to Perform Forensic

Key Artifiacts of WhatsApp

● Main Evidence files-->>

● ->/data/data/com.whatsapp/databases/msgstore.db

● ->/data/data/com.whatsapp/databases/wa.db

● ->/sdcard/WhatsApp/Databases/msgstore.db.crypt8

Directory Structure

● Main Evidence Directories-->>

● .Shared - Hidden

● .Trash - Hidden

● Databases

● Media

● Profile Pictures

Ricovery Methods

● 1. Online Websites

● Example:- https://www.recovermessages.com/

2. Get back Deleted WhatsApp Messages Manually

● 3. Tools

● Example:- Oxygen Forensic Suite, Mobiledit Etc

Comman Challenges

● 1. Encryption

● 2. Tools are Paid

● 3. Patience and Time Consuming

Demo...

References

->http://sch3m4.github.io/wforensic/

->http://www.magnetforensics.com/recovering-whatsapp-forensic-artifacts/

->http://blog.digital-forensics.it/2012/05/whatsapp-forensics.html

Credits -->> Internet & Me

Any Queries..??

----------->>Thank You<<-----------