The communication between the two suspects has a lot of photos and not much words. So an emoji of a thumbs up has a big difference with say a thumbs down….
ah okay, valid point )
You mentioned that the emoji's are just shown as a square, but is there any data for them in hex view?
I'm wondering if the data is there but UFED doesn't know how to interpret it, if these values can be exported out then use a test phone to try and decipher what each value means..
Does that make sense? I'm thinking if you have a test iPhone (assuming you know what emoji types are being used) you could send yourself a test message that contained nothing but all the available emoji's, download this phone and you should have a map of sorts with the hex values for each emoji.
Thanks Adam for the advice. The suspect's phone is a Samsung galaxy note 3. I will try to dump out the hex value and try to decipher it.
Many thanks.
Best regards,
Cypri
Do you just need a better font?
In the whatsapp database there is only stored a hex value for each emoij that needs to be mapped to a specific icon file that is within the app.
You can however map them manually(for example a html-report file) afterwards with a little scripting efford since the
So you would generate a html file report and pipe the content via script through the python mapping-script which replaces these values with an image link. The icons are within the above linked zip file (there is a zip inside that contains a data folder with these icons)
Other than that i guess cellebrite will be dealing with this issue in near future since they mentioned a Chat-Decoding rework in the next release. The Physical Analyzer still doesnt do proper decoding of whatsapp chats, especially with multimedia files included (e.g. voice messages)
Thanks so much. Another friend of mine suggested me to try using an android emulator and load the image there and try…
thanks again everyone for your tips and advice.
Best regards,
Cypri
Dear friends,
I have a new findings regarding the captioned case.
I create a Excel report from UFED.
I emailed the Excel report to my own email box
I opened the email attachment (the Excel file) using a Samsung smart phone –> I can see some emoji in color format
I opened the email attachment (the Excel file) using a Mac Book Air / Mac Book Pro –> I can see more emoji, also in color format
I opened the email attachment (the Excel file) using an iPhone –> I can see ALL the emoji.
I opened the email attachment (the Excel file) using a Windows 7 computer –> I can see some of the emoji (but in black and white color).
Conclusion
It appears that Cellebrite UFED Touch did in fact extract all emoji information
It appears that (at least in this moment) only iPhone can read all the extracted emoji information.
Question
How to make my windows 7 machine capable of interpreting the Excel file properly?
I attempted to install Apple's Color Emoji font in my Windows 7 machine but no luck.
Does anyone know how to make my Windows 7 capable of reading all those emojis, just like how an Apple iPhone does?
Many thanks!
Cypri
Does anyone know how to make my Windows 7 capable of reading all those emojis, just like how an Apple iPhone does?
Well, if you exit (temporarily and for one moment only) from the specific case, you have a "plain", "normal" Excel file with *something* that does not display correctly.
So, generically speaking, this *something* that is NOT shown correctly *must* be some kind of external (not embedded) graphic resource, and what is actually in the Excel file are *some kind* of links that are "unresolved".
Specifically, it is well possible that the resource is actually inside a specific font, in Unicode
http//
and what you see under Windows 7 is the effect of a "font substitution".
It should not be much difficult to find out which kind of link is in the Excel spreadsheet and where/what it "looks for" and place there the missing graphic resources, obtained from *somewhere* or viceversa change the link to point to a "hardcopy" of the image.
The support for the colour emoji fonts has been added surely in Windows 8 or 8.1, but it has to be seen if the "feature" of colourised fonts can be "back ported" to Windows 7 ?
http//
(I doubt it) and also if there is an effective one-to-one correspondence between the Apple (proprietary format) emoji mappings to Unicode and the Windows 8.1 Segoe UI Symbol font, and, as said earlier, it is possible that there are specific "WhatsApp" graphic resources that do not belong to a font.
It is also possible that the "same" Excel spreadsheet converted to HTML or XML can be seen "in colours" in Internet Explorer (but not in another browser)
http//
If you check here
http//getemoji.com/
the emojis are defined as
font-family "Apple Color Emoji","Segoe UI Emoji","NotoColorEmoji","Segoe UI Symbol","Android Emoji","EmojiSymbols";
but each OS/browser may render the symbols the same or differently or in colour vs. BW and have a smaller or bigger number of "blank squares".
jaclaz