WeChat Desktop App Artefacts for macOS

General (Technical, Procedural, Software, Hardware etc.)

Last Post by UnallocatedClusters 6 years ago

2 Posts

2 Users

0 Likes

790 Views

RSS

SwastiBhushan

(@swastibhushan)

Posts: 8

Active Member

Topic starter

Hi Folks,

While working on an forensic investigation came across WeChat desktop app for OSX. To determine if any user data resides in an macOS High Sierra system,interesting databases were found to be located in the directory
/Users/UserName/Library/Containers/com.tencent.xinWeChat/Data/Library/Application Support/com.tencent.xinWeChat/2.0b4.0.9/5b5a7aaccfd17d9d0d535b56fa66abeb/Message/

But the DB’s seem to be encrypted with SQLCipher. Anyone have any idea on how to decrypt the DB’s.

Thanks In advance ) ) )

Posted : 28/11/2017 10:56 am

UnallocatedClusters

(@unallocatedclusters)

Posts: 577

Honorable Member

ForensicFocus member gorvq7222 might be a good resource for WeChat - I would PM him.

Posted : 28/11/2017 5:43 pm

8 Forums
15.5 K Topics
92 K Posts
8 Online
40.1 K Members

Forum Icons: Forum contains no unread posts Forum contains unread posts

Topic Icons: Not Replied Replied Active Hot Sticky Unapproved Solved Private Closed