WeChat Desktop App Artefacts for macOS

General (Technical, Procedural, Software, Hardware etc.)

Last Post by UnallocatedClusters 8 years ago

2 Posts

2 Users

0 Reactions

1,314 Views

RSS

SwastiBhushan

(@swastibhushan)

Active Member

Joined: 10 years ago

Posts: 8

Topic starter 28/11/2017 10:56 am

Hi Folks,

While working on an forensic investigation came across WeChat desktop app for OSX. To determine if any user data resides in an macOS High Sierra system,interesting databases were found to be located in the directory
/Users/UserName/Library/Containers/com.tencent.xinWeChat/Data/Library/Application Support/com.tencent.xinWeChat/2.0b4.0.9/5b5a7aaccfd17d9d0d535b56fa66abeb/Message/

But the DB’s seem to be encrypted with SQLCipher. Anyone have any idea on how to decrypt the DB’s.

Thanks In advance ) ) )

Quote

UnallocatedClusters

(@unallocatedclusters)

Honorable Member

Joined: 13 years ago

Posts: 576

28/11/2017 5:43 pm

ForensicFocus member gorvq7222 might be a good resource for WeChat - I would PM him.

ReplyQuote

Android Forensics

I have conducted a logical and partial extraction of a ...

By SgtAndroid , 8 hours ago
Article: The Balance Between Digital Forensic Examiners And Digital Evidence Technicians: Expertise Vs. Efficiency

Can digital forensic labs cut backlogs without cutting ...

By Zoe , 1 day ago
Prefetch Question

Hello All, I have a question regarding Windows prefet...

By Forensic_Tester , 2 days ago

8 Forums
15.7 K Topics
92.3 K Posts
151 Online
41.1 K Members

Forum Icons: Forum contains no unread posts Forum contains unread posts

Topic Icons: Not Replied Replied Active Hot Sticky Unapproved Solved Private Closed