Hi Folks,
While working on a forensic investigation, I came across the WeChat desktop app for OSX. To determine if any user data resides in a macOS High Sierra system, interesting databases were found to be located in the directory
/Users/UserName/Library/Containers/com.tencent.xinWeChat/Data/Library/Application Support/com.tencent.xinWeChat/2.0b4.0.9/5b5a7aaccfd17d9d0d535b56fa66abeb/Message/
But the DBs seem to be encrypted with SQLCipher. Anyone have any idea on how to decrypt the DBs?
Thanks in advance ) ) )
Posted : 28/11/2017 10:56 am
ForensicFocus member gorvq7222 might be a good resource for WeChat - I would PM him.
Posted : 28/11/2017 5:43 pm