Hello,
Is there a way to somehow export Messenger messages on a non-rooted device?
The messages are in the database file named thread_db2 in /data/data/com.facebook.orca/databases/contacts_db2, but on a non-rooted device there is no access to that.
Is there another possibility to get access to that file or save the messages in another way?
Cloud?
Even if you get root/physical access, not all the messages are saved on the device any more, lots get stored in the cloud. Only the most recent will be locally on the device. Try putting a phone in airplane mode and seeing how many messages you can access vs. how many you can read when it has a network connection (obviously don't test this on the user's/suspect's phone).
Jamie
Thanks for your reply.
I know that only a portion of the messages are stored on the device.
Cloud is not an option. I shouldn't connect this to the Internet. This is the suspect's phone.
I cannot find a way to root it, so I'm looking for a way to somehow export the existing messages.
You will miss crucial evidence.
Device
Cloud
Mreza, what do you mean?
You can see in the example how many messages were on the device and how many of them I extracted from the cloud. If you dismiss the cloud, you could miss some key information.
OK, I got your point.
But right now I'm only interested in the messages saved on the phone.
I need to somehow extract them.
Use adb to export the database without rooting.
You need to connect the device to a PC.
@droopy I tried adb... it looks like I still need a rooted device to do that.
What phone model / type / OS version do you have?
Looking it up on Digital Forensic Compass, I see it's supported with the Cellebrite Ultimate; I take it you don't have access to that?
But yeah, otherwise legal authority and a cloud download of the suspect's Facebook account would be useful. Either a legal request through Facebook, consent + Facebook takeout extraction, or using a social media capture tool with the credentials off the device.
ZTE Blade A452 Android 5.1
You should be able to make a full dump of that phone directly, without rooting or even fully booting the device. Old MTK, not a secure device, no forced encryption etc.
@randomaccess
I don't have access to that.
@arcaine2
With a rooted device I was using DD or software to make a physical image.
How do I do that without root? The bootloader is locked.
In MOBILedit Forensic Express there is an option "Get physical dump from MTK phone", but the phone must have an unlocked bootloader to do that.
It's an MTK-based phone. You can often make a full backup even with the free SPFlashTool, only using its "read memory" feature, if you have the correct DA (and sometimes the preloader and auth file from a firmware file), and an unlocked bootloader is not required.
I'm 100% confident that 3rd-party tools like Infinity CM2MTK, Volcano etc. can dump it without unlocking the bootloader with their stock download agents, so this shouldn't be a problem for MOBILedit either, as long as it has a correct DA. You should just try it. Worst case scenario, it won't make a dump.