UFED AND OXYGEN WHA...
 
Notifications
Clear all

UFED AND OXYGEN WHATSAPP DECRYPTION

14 Posts
9 Users
0 Reactions
5,590 Views
(@cs1337)
Trusted Member
Joined: 11 years ago
Posts: 83
 
Posted by: @jaclaz
Posted by: @cs1337

 

Most androids I come across you cannot perform a full physical image on without rooting the device which is not something we do as the phone needs to be returned in the same state it was received.

A side-side question, if I may.

When is the phone returned, on average, in your experience?

I mean, a phone is seized, then imaged/investigated, then (possibly after some explicit decision by a judge or high rank investigator)  returned.

How long does the process take?

jaclaz

 

I mostly deal in eDiscovery matters where generally Contacts/ Call Logs/ SMS/MMS and Voicemails are of relevance for litigation. Custodian agrees to let us capture the content and then the device is returned immediately after. 


   
ReplyQuote
jaclaz
(@jaclaz)
Illustrious Member
Joined: 17 years ago
Posts: 5133
 
Posted by: @cs1337 

I mostly deal in eDiscovery matters where generally Contacts/ Call Logs/ SMS/MMS and Voicemails are of relevance for litigation. Custodian agrees to let us capture the content and then the device is returned immediately after. 

I see, thanks, I was more curious on criminal cases, where I expect (presume) that the process will take weeks or months.

jaclaz


   
ReplyQuote
(@masekul)
New Member
Joined: 5 years ago
Posts: 1
 

@cs1337 I tried this does not work on android 8.1 and above, Cellebrite will simply acquire the whatsapp stores in encrypted format and you may need to decrypt it manually.


   
ReplyQuote
OxygenForensics
(@oxygenforensics)
Estimable Member
Joined: 13 years ago
Posts: 143
 

@masekul In the latest Oxygen Forensic Detective, we have introduced the ability to extract WhatsApp and WhatsApp Business contacts and chats using OxyAgent utility installed in Android devices. Using this method you can quickly get all WhatsApp data and there will be no need to decrypt. It will be much faster than doing complete physical extraction that we also offer. 

One more method that might be of help for you is scanning a WhatsApp QR code in Oxygen Forensic Cloud Extractor and getting all the evidence very quickly and in a readable format. 

 


   
ReplyQuote
Page 2 / 2
Share: