Couple days ago I showed you guys LINE 5.3 and above wipe deleted chat messages. Now let me show you WeChat 6.3 and WhatsApp 2.12.317 on Android phone. You guys could take a look at my blog as below
http//
What will happen to WeChat deleted chat messages? Take a look at "Blocks containing deleted data" and those deleted messages were wiped. What about WhatsApp? Fortunately those deleted chat messages were not wiped…
So far we know LINE and WeChat will wipe deleted chat messages. No matter what kind of forensic tools you use, it's impossible to recover deleted chat messages because those deleted chat messages are being wiped.
Error. Those chats could be recovered without problem with a government forensic tool. We do it for government for the last 10 years. As you could recover 2 or 3 byte previous state of any device.
Moreover, nowadays all chat platforms are backdoor. Also sms, pictures, etc are stored on central servers without user notice. Even skype has modified the protocol to store them.
And moreover those pseudo secure like silentcircle also added backdoors on the code like buffer overflow and encryption change.
Never use those for secure conversations. ALL are unsecure. ALL OF THEM.
If you want to use them for daily chats without any commercial value, go ahead.
The linked article seems very… let's say closed minded in my opinion.
As far as I can tell it only deals with the logical database itself. That causes some issues when concluding that it is not possible to recover deleted data from a specific app.
- There ARE differences in various SQLite Tools that deal with Free Pages or even brute-force record structures (varInt combinations) at byte level inside a database file. The shown Oxygen Tool for example is very good but does have its flaws in this regard. So to say it "doesn't matter which tool you use" may lead the reader into a false idea of what's possible or not.
- Only looking at the existing logical database to evaluate the absence of deleted data is somehow paradox :-) To determine if an app "wipes" the data one should investigate how the data behaves on different devices in which a copy of the old database file (before the wipe) might still be in a physical dump of that specific memory (or fragments of database records that can be recovered).
- Besides the database itself the sqlite engine does allow having "old" data inside the db-journal files. You should at least rule this possibility out by investigating in that regard.
Just some thoughts
EDIT: I noticed that there are mobile phone numbers visible on your images. Just in case these are real numbers it may be a good idea to blur them out :)
I am always very very wary when someone claims that nothing can be recovered from a deleted operation.
For instance SQLite has a secure delete operation that overwrites a deleted record with NULLs. If you take the SQLite documentation at face value then you would think that this is correct. "Secure delete" does give you a warm fuzzy feeling doesn't it?
I opened a test database and checked that traditional rollback journalling was on (pragma journal_mode = persist) and that secure delete was also on (pragma secure_delete = on). I then deleted a record.
The screenshot below shows the appropriate page from the database after the delete operation. You can clearly see the "blanked out" data that I have highlighted. This reinforces the claims of the SQLite authors - more warm fuzzy feeling.
However, this picture is the single page that is in the rollback journal - as you can see the deleted record in the roll back journal has not been blanked out and is therefore recoverable.
Clearly the record has to be written to the rollback journal intact so that if there is an error when the journal is committed the database can be rolled back so the DB is always left in a working state - this is a requirement of any database system.
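The test described in the post above, written out as an added example that is not part of the original thread and not the poster's own code: it sets the same two pragmas, deletes one row, then searches the raw bytes of the database file and of the persisted rollback journal for the deleted text. The table name, file name and message text are constructed for illustration.

```python
import os
import sqlite3
import tempfile

# Constructed sample text standing in for a chat message that gets deleted.
MARKER = b"CONSTRUCTED-DELETED-MESSAGE-4711"


def _contains(path, needle):
    """Raw byte search of a file, the way a hex editor search would work."""
    with open(path, "rb") as fh:
        return needle in fh.read()


def secure_delete_vs_journal(workdir):
    """Delete a row with secure_delete on, then search the database file and
    the persisted rollback journal for the deleted text."""
    db_path = os.path.join(workdir, "chat_test.db")  # hypothetical file name
    journal_path = db_path + "-journal"  # SQLite's rollback journal naming
    # isolation_level=None: autocommit, so each statement is its own transaction
    con = sqlite3.connect(db_path, isolation_level=None)
    try:
        con.execute("PRAGMA journal_mode = PERSIST")
        con.execute("PRAGMA secure_delete = ON")
        con.execute("CREATE TABLE messages (id INTEGER PRIMARY KEY, body TEXT)")
        con.execute("BEGIN")
        con.executemany(
            "INSERT INTO messages (body) VALUES (?)",
            [("hello",), (MARKER.decode(),), ("see you later",)],
        )
        con.execute("COMMIT")
        in_db_before = _contains(db_path, MARKER)
        # The page is copied to the journal intact before it is modified.
        con.execute("DELETE FROM messages WHERE body = ?", (MARKER.decode(),))
    finally:
        con.close()
    return {
        "in_db_before_delete": in_db_before,
        "in_db_after_delete": _contains(db_path, MARKER),
        "in_journal_after_delete": _contains(journal_path, MARKER),
    }


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        for check, found in secure_delete_vs_journal(tmp).items():
            print(f"{check}: {found}")
```

The journal copy survives only until a later transaction overwrites it, so the order of operations on the examined device matters when interpreting a hit or a miss.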
Thank you guys. To me it's a very simple situation. All I want to do is to reveal the truth. I believe science could prove whether chat Apps like LINE or WeChat deleted chat messages could be recovered or not.
If you do want to conduct a test as I did, I'd like to know what's the result you have. What I'm trying to say is if Oxygen or UFED or XRY could not recover LINE 5.3 and above or WeChat 6.3, then what's the point that some say it's possible to recover?
Or maybe some would say those Apps won't wipe those deleted chat messages. If it is true, that means we could still recover those chat messages, right?
Let's just focus on "LINE 5.3 and above" and "WeChat 6.3", not all kinds of chat Apps' sqlite db. By the way, if certain government tool could do this, how about let us know which government? What's the name of that tool? I'd like to suggest UFED, XRY, Oxygen to buy one and learn more from it.
> …All I want to do is to reveal the truth. I believe science could prove whether chat Apps like LINE or WeChat deleted chat messages could be recovered or not.
Exactly. That is why a discussion about the method is always useful.
> What I'm trying to say is if Oxygen or UFED or XRY could not recover LINE 5.3 and above or WeChat 6.3, then what's the point that some say it's possible to recover?
I am afraid that I don't get the meaning of this statement…
These tools are just basic… well… tools. My personal opinion! -> any serious forensic investigator does not rely his work on a "couple of tools" and when they fail he says "Oh well… what's the point of going the extra mile by foot"
> Or maybe some would say those Apps won't wipe those deleted chat messages. If it is true, that means we could still recover those chat messages, right?
Yes, in this case there are possibilities. Sanderson Forensic pointed some out. But any HexEditor will be a good starting point.
> Let's just focus on "LINE 5.3 and above" and "WeChat 6.3", not all kinds of chat Apps' sqlite db
Of course not. That's the reason why I think it is close minded to rely on a single database. There might be some logfiles or backup systems inside the appfolder (or a remote place) that don't look like a database or are encrypted. Which would bring the investigation into the question what kind of encryption and where is the key taken from… and so on… it just doesn't sound right to me to stop at the database 😉
> By the way, if certain government tool could do this, how about let us know which government? What's the name of that tool? I'd like to suggest UFED, XRY, Oxygen to buy one and learn more from it.
Since this is an open platform, expect the information around here to be only open up to a certain degree. It's more a talk about global approaches.
> Since this is an open platform, expect the information around here to be only open up to a certain degree. It's more a talk about global approaches.
Well, for one I would like to know where to apply for membership to a "non-open platform" where they tell you how to recover (if I get right what droopy stated) "2 or 3 byte previous state of any device".
They will probably never allow me to join that club :( , not even if I trade in my current (and extremely rare/exclusive) membership to the flying elephants club, but at least I could try.
jaclaz
> Well, for one I would like to know where to apply for membership to a "non-open platform" where they tell you how to recover (if I get right what droopy stated) "2 or 3 byte previous state of any device".
> jaclaz
I hope we can agree that any kind of government (or non-gov) agency would have a certain level of restriction of what they can share in public and in private networks with partner agencies/companies and so on.
And to be honest… I don't believe that involves secret-recovering-previous-byte-state-tools :-)
But neither does it involve an open shared collection of bought software/hardware or guidelines for specific tasks, especially in case they rely on the fact that a certain bug/exploit is not yet spread in public.
> They will probably never allow me to join that club :( , not even if I trade in my current (and extremely rare/exclusive) membership to the flying elephants club, but at least I could try.
> jaclaz
Elephants… No-Go! I heard even the trial membership does need at least some sort of shady business. How about Umbrella Corp?
> I hope we can agree that any kind of government (or non-gov) agency would have a certain level of restriction of what they can share in public and in private networks with partner agencies/companies and so on.
We may :) agree on that, but IF we do, then those in the know wouldn't be even allowed to reveal that they can recover "2 or 3 byte previous state of any device", nice CATCH 22.
jaclaz