WhatsApp is the fastest growing instant messenger app. With over 2 billion monthly users, WhatsApp keeps the crown of the most popular instant messaging tool in the Western hemisphere. The recent introduction of end-to-end encrypted backups and the change of Google’s authentication protocol broke things temporarily for EXWA users, but now everything is back to normal. Learn how Elcomsoft Explorer for WhatsApp can download and decrypt encrypted WhatsApp communication histories from Google Drive and Apple iCloud!

iMessage, Hangouts, Skype, Telegram, Signal, WhatsApp are familiar, while PalTalk, Pigin, Psi Jabber client, Gadu-Gadu, Gajim, Trillian, BigAnt or Brosix are relatively little known. The tools from the first group are not only more popular but infinitely more secure compared to the tools from the second group. In this publication we’ll review the authentication methods used by the various instant messengers, and attempt to extract a password to the user’s account.

In today’s world of everyone wanting a slice of one’s personal information, users become more and more concerned about the privacy. The WhatsApp/Facebook integration raised an additional concern, considering that Facebook-owned Messenger requests the largest number of invasive permissions among all commonly used messengers. Data privacy and security concerns are mounting like a snowball. 2020 brought multiple data breach incidents from popular blogging resources from LiveJournal whose users’ data was breached and leaked to the darknet to financial institutions like Postbank with 12M exposed credit cards, hospitality giants as Mariott with 383 million records compromised or even Microsoft customers who also suffered from privacy-related issues.

Instant messaging apps have become the de-facto standard of real-time, text-based communications. The acquisition of instant messaging chats and communication histories can be extremely important for an investigation. In this article, we compare the five top instant messaging apps for iOS in the context of their forensic analysis.

For us, this year has been extremely replete with all sorts of developments in desktop, mobile and cloud forensics. We are proud with our achievements and want to share with you. Let’s have a quick look at what we’ve achieved in the year 2019.

WhatsApp remains one of the most popular instant messengers. With more than 1.5 billion users and about half billion daily active users, WhatsApp sends over 100 billion messages per day. WhatsApp is secure thanks to end-to-end encryption to make intercepted messages impossible to decrypt. While this is great news to consumers and privacy advocates, it is also bad news for the law enforcement. Once an expert accepts to access the suspect’s WhatsApp communication history, they will struggle with the encryption and demand for a vendor-provided backdoor (WhatsApp: The Bad Guys’ Secret Weapon).

Starting with version 2.40, Elcomsoft Extractor for WhatsApp supports physical and cloud acquisition of WhatsApp Business. The physical extraction method requires root access, while cloud acquisition requires authenticating into the user’s Google Drive account with proper authentication credential. In addition, a verification code received from WhatsApp as an SMS must be provided to decrypt the backup downloaded from Google Drive. In this guide, we’ll describe all the steps required to perform physical and cloud acquisition of WhatsApp Business. (more…)

With over 1.3 billion monthly users, WhatsApp is the most popular instant messaging tool worldwide, and Android is the most popular mobile operating system by far. This makes WhatsApp acquisition from Android devices essential for the law enforcement. Elcomsoft Explorer for WhatsApp 2.30 can now download and decrypt Android user’s encrypted WhatsApp communication histories stored in Google Drive. If you have access to the user’s trusted phone number or their physical SIM card (to receive a verification code from WhatsApp), you can now use Elcomsoft Explorer for WhatsApp to download, decrypt and display WhatsApp communication histories backed up into the user’s Google Account. Surprisingly, a cloud backup may, in certain cases, contain even more information than stored on the device itself. This particularly applies to attachments (photos and videos) sent and received by WhatsApp users and then deleted from the device.

Facebook-owned WhatsApp is the most popular instant messaging tool worldwide. Due to its point-to-point encryption, WhatsApp is an extremely tough target to extract.

WhatsApp is one of the most secure messengers with full end-to-end encryption. Messages exchanged between WhatsApp users are using an encrypted point-to-point communication protocol rendering man-in-the-middle attacks useless. WhatsApp communications are never stored or backed up on WhatsApp servers. All this makes government snooping on WhatsApp users increasingly difficult.