UFED AND OXYGEN WHA...
 
Notifications
Clear all

UFED AND OXYGEN WHATSAPP DECRYPTION

14 Posts
9 Users
0 Reactions
4,844 Views
(@cs1337)
Posts: 83
Trusted Member
 
Posted by: @jaclaz
Posted by: @cs1337

 

Most androids I come across you cannot perform a full physical image on without rooting the device which is not something we do as the phone needs to be returned in the same state it was received.

A side-side question, if I may.

When is the phone returned, on average, in your experience?

I mean, a phone is seized, then imaged/investigated, then (possibly after some explicit decision by a judge or high rank investigator)  returned.

How long does the process take?

jaclaz

 

I mostly deal in eDiscovery matters where generally Contacts/ Call Logs/ SMS/MMS and Voicemails are of relevance for litigation. Custodian agrees to let us capture the content and then the device is returned immediately after. 

 
Posted : 14/08/2020 11:25 pm
jaclaz
(@jaclaz)
Posts: 5133
Illustrious Member
 
Posted by: @cs1337 

I mostly deal in eDiscovery matters where generally Contacts/ Call Logs/ SMS/MMS and Voicemails are of relevance for litigation. Custodian agrees to let us capture the content and then the device is returned immediately after. 

I see, thanks, I was more curious on criminal cases, where I expect (presume) that the process will take weeks or months.

jaclaz

 
Posted : 15/08/2020 8:52 am
(@masekul)
Posts: 1
New Member
 

@cs1337 I tried this does not work on android 8.1 and above, Cellebrite will simply acquire the whatsapp stores in encrypted format and you may need to decrypt it manually.

 
Posted : 18/08/2020 8:10 am
OxygenForensics
(@oxygenforensics)
Posts: 143
Estimable Member
 

@masekul In the latest Oxygen Forensic Detective, we have introduced the ability to extract WhatsApp and WhatsApp Business contacts and chats using OxyAgent utility installed in Android devices. Using this method you can quickly get all WhatsApp data and there will be no need to decrypt. It will be much faster than doing complete physical extraction that we also offer. 

One more method that might be of help for you is scanning a WhatsApp QR code in Oxygen Forensic Cloud Extractor and getting all the evidence very quickly and in a readable format. 

 

 
Posted : 18/08/2020 9:21 am
Page 2 / 2
Share: