I have an android device that cannot boot. We went with a chipoff and have a physical bin of the phone and it parses fine in Cellebrite. However, we cannot parse the WhatsApp data. Usually, we would use a utility to pull the key from the running phone. Is there a way to accomplish this using the extraction?
Oxygen Software, UFED, XRY, Belkasoft can do it (extract WhatsApp messages from bin file)
The database is encrypted so parsing will not happen without the key.
if you have a chipoff, the key should be there and it should be decrypted.
Sent you a PM
RonS
You are looking at the wrong folder. Don't use the "WhatsApp" folder on the internal sd card (/shared/0). This folder only contains the media files and the encrypted backup databases.
Instead use the "com.whatsapp" folder found in /data/data. This folder contains the plaintext database msgstore.db and the key file to decrypt the backups from the WhatsApp folder.
Extracting whatsapp database and the cipher key from a non rooted android device
http//
Decrypting encrypted whatsapp databases without the key
http//