WhatsApp is one of the most popular instant messaging tools in the world, with clients available across all the major mobile platforms. But because it’s owned by Facebook, obtaining records of communications sent through the platform typically requires their assistance. Elcomsoft have created a solution for law enforcement agencies and businesses to acquire and analyze communications sent through WhatsApp from a range of sources. These include the ability to acquire and extract databases from Android phones, including those without root access. It’s also possible to obtain backups from Google Drive or iCloud Drive or locally from Android and iOS systems.
Elcomsoft is a powerful application with a built-in viewer that supports not only written messages, but also displays contact details, images, and everything else involved in WhatsApp communications. It displays all these communication histories in a convenient and user-friendly interface, and it can even decrypt existing backup archives, provided you have the correct password at your disposal. The software is suitable for working with any number of databases, while the included filtering and search function makes it easy to find records of interest in mere seconds. Downloading backed up databases from Apple iCloud or iCloud Drive requires the user’s ID and password, or by using a security authentication token extracted from their computer. Similarly, Google Drive downloads require a login and a password, and accounts with two-factor authentication in place are supported for both Apple and Google accounts.
WhatsApp database acquisition has long been a complicated process for law enforcement teams or for business users investigating potential breaches of contract and other incidents on accounts used by employees. But it has, on many occasions, proved necessary, not least because WhatsApp is widely used by spammers, hoaxers, and other cybercriminals. But since WhatsApp uses full end-to-end encryption for all communications, the databases can’t be acquired from Facebook, which currently owns WhatsApp, even if a law enforcement office requests it. Instead, acquisition is only possible when you have access to the end-user device or, alternatively, backup databases in the cloud or stored locally. Elcomsoft Explorer for WhatsApp supports acquisition in all methods. Provided the device is unlocked, for example, it’s possible to acquire databases from rooted devices running Android 4.0 to 9.0 and non-rooted ones from Android 4.0 to 6.0.1. Where the correct user credentials are provided, any encrypted data will automatically be decrypted.
The explorer component provides and intuitive and instantly familiar user experience where you can easily keep track of all communications histories and any related information. You can view all the messages, along with the timestamps and other information, and it shows a list of any available backups and where they’re stored. Details about pictures are also displayed in the application, including the user, file size, link, dimensions, and format. The filtering function lets you search by media type (either photo, audio, or video) and whether it was sent or received. You can also filter messages and media by date, which is ideal if you’re looking through very long communications histories.
Start your WhatsApp investigations at https://www.elcomsoft.com/exwa.html .