Export facebook mes...
 
Notifications
Clear all

Export facebook messenger messages without root  

Page 1 / 2
  RSS
Thomass30
(@thomass30)
Active Member

Hello,
Is there a way to somehow export messenger messages on a non rooted device ?

The messages are in the database file name thread_db2 in /data/data/com.facebook.orca/databases/contacts_db2 but in non rooted device there is no access to that.

Is there another possibillity to get acces to that file or save messages in another way ?

Quote
Posted : 20/04/2018 6:09 pm
mcman
(@mcman)
Active Member

Cloud?

Even if you get root/physical access, not all the messages are saved on the device any more, lots get stored in the cloud. Only the most recent will be locally on the device. Try putting a phone in airplane mode and seeing how many messages you can access vs. how many you can read when it has a network connection (obviously don't test this on the user's/suspect's phone).

Jamie

ReplyQuote
Posted : 20/04/2018 6:15 pm
Thomass30
(@thomass30)
Active Member

Thanks for your reply.

I know that only portion of messages are stored in the device.
Cloud is not the option. I shouldnt connect this to the Internet. This is the suspect's phone.
I cannot find the way to root it so I'm looking the way to somehow export existing messages.

ReplyQuote
Posted : 20/04/2018 6:53 pm
Mreza
(@mreza)
Member

Thanks for your reply.

I know that only portion of messages are stored in the device.
Cloud is not the option. I shouldnt connect this to the Internet. This is the suspect's phone.
I cannot find the way to root it so I'm looking the way to somehow export existing messages.

You will miss crucial evidence.

Device

Cloud

ReplyQuote
Posted : 20/04/2018 10:24 pm
Thomass30
(@thomass30)
Active Member

Mreza what do you mean ?

ReplyQuote
Posted : 20/04/2018 10:34 pm
Mreza
(@mreza)
Member

Mreza what do you mean ?

You could see on a example how many messages have been on the device and how many of them i extracted from the cloud. If you dismiss cloud, you could miss some key information.

ReplyQuote
Posted : 20/04/2018 10:48 pm
Thomass30
(@thomass30)
Active Member

Ok i got your point.
But right now Im only interested in message saved on the phone.
I need to somehow extract it.

ReplyQuote
Posted : 20/04/2018 10:57 pm
droopy
(@droopy)
Active Member

Use adb. To export the database without rooting.

You need to connect device to PC

ReplyQuote
Posted : 21/04/2018 12:57 pm
Thomass30
(@thomass30)
Active Member

@droopy I tried adb.. it looks like I still need rooted device to do that.

ReplyQuote
Posted : 21/04/2018 4:38 pm
Plan_B
(@plan_b)
New Member

What phone model / type / OS version u have?

ReplyQuote
Posted : 21/04/2018 5:07 pm
Thomass30
(@thomass30)
Active Member

@Plan_B
ZTE Blade A452 Android 5.1

ReplyQuote
Posted : 21/04/2018 5:47 pm
randomaccess
(@randomaccess)
Active Member

Looking it up on Digital Forensic Compass, I see it's supported with the Cellebrite Ultimate; I take it you dont have access to that?

But yeah, otherwise legal authority and cloud download of suspects facebook account would be useful. Either legal request through facebook, consent+facebook takeout extraction, or using a social media capture tool with the credentials off the device.

ReplyQuote
Posted : 22/04/2018 8:40 am
arcaine2
(@arcaine2)
Active Member

ZTE Blade A452 Android 5.1

You should be able to make full dump of that phone directly, without rooting or even fully booting the device. Old MTK, not a secure device, no forced enctyption etc.

ReplyQuote
Posted : 22/04/2018 11:18 am
Thomass30
(@thomass30)
Active Member

@randomaccess
I dont have access to that

@arcaine2
With rooted device I was using DD or software to make physical image.
How to do that without root ? The bootloader is locked.

In MobilEdit Forensic Express there is option "Get physical dump from MTK phone" but the phone must have unlocked bootloader to do that.

ReplyQuote
Posted : 22/04/2018 11:52 am
arcaine2
(@arcaine2)
Active Member

It's an MTK based phone. You can often make full backup even with free SPFlashTool only using it's "read memory" feature if you have correct DA (and sometimes preloader and auth file from a firmware file) and unlocked bootloader is not required.

I'm 100% confident that 3rd party tools like Infinity CM2MTK, Volcano etc can dump it without unlocking bootloader with their stock download agents so this shouldn't be a problem for MobileEDIT as well as long as it has a correct DA. You should just try it. Worst case scenario, it won't make a dump.

ReplyQuote
Posted : 22/04/2018 1:34 pm
Page 1 / 2
Share: