Whatsapp Sqlite Password

by

WhatsApp – A Brief Overview

WhatsApp is reportedly currently used by 1.5 billion people or 500 million users daily who send 60 billion messages a day. Due to this, a mobile phone forensic investigation often includes evidence identified within WhatsApp messages.

How Does WhatsApp Work?

Available SQLite database parsers such as SQLite Manager, SQLite Spy or SQLite Database Browser. For our experiment we use a free software “SQLite SPY”(Figure 13) 5. Thus we have successfully managed to parse the output of encrypted WhatsApp backup files by decrypting the backup databases using crypt7 cipher key file which was carved out of. The SQLite file I am trying to open is ChatStorage.sqlite.enc which asks for a password to open but not sure how to decrypt that file. Also, find a password in the keychain which is net.whatsapp.RecoveryToken, but that is also protected, so that didn't help either.

WhatsApp uses the phone number of the device to form the basis of the account as the unique identifier and messages are sent to it using the account generated from that phone number.

The WhatsApp Files that May Contain Evidence

When dealing with Whatsapp on Android based phones, the SQLite databases named msgstore.db and wa.db are the most important.

The msgstore.db of WhatsApp contains chat messages between a user and contacts and the wa.db file stores all the WhatsApp user’s contact information.

Whatsapp sqlite password change

The msgstore.db within WhatsApp contains 2 tables. The messages table contains all Whatsapp messages that have been sent and received and includes the contact’s phone number, the content of the message, the status of the message (whether it has been received), the time/date stamps of the message and the details of any attachments to the message.

If an attachment is sent via WhatsApp then it has its own entry within the table and the message content field is null.

Whatsapp Sqlite Password Generator

Whatsapp

A thumbnail and link to the image is stored and the image itself is also stored within the Whatsapp msgstore.db file.

The table may also include location co-ordinates that can allow an investigator to identify the specific location of an individual at the time.

The table named Chat_list within Whatsapp contains all phone numbers communicated with, however, if communication has not occurred with a stored contact then it will not be stored here, however, it will be stored within the wa.db file.

The file named wa.db contains a list of the WhatsApp user’s contacts including name, number, timestamp and all other information provided when the account was registered.

The WhatsApp database files are stored on the handset memory, however, the msgstore.db file may also be stored as a backup on any memory cards present as msgstore.db.crypt which is encrypted and cannot be examined without first being decrypted from a key that is normally stored on the data partition within the WhatsApp folder.

Apple iOS – WhatsApp Forensics

Apple iOS stores all WhatsApp data within a database named ChatStorage.sqlite which is located within the directory path net.whatsapp.WhatsApp/Documents/ChatStorage.sqlite.

The MESSAGE and MEDIAITEM tables contain messages, sender, recipient, date/time stamps, location information and the location of attachments sent/received within those Whatsapp messages.

The WhatsApp application on Apple iOS also stores a database named contacts.sqlite within the same directory that includes, sender and recipient details, the content of the message, the status of the message (whether it has been received), the time/date stamps of the message and the details of any attachments to the message.

About AthenaForensics

Whatsapp Sqlite PasswordWhatsapp

For information on our digital forensic services or if you require anyadvice or assistance please contact a member of our team on 0330 123 4448 orvia email on enquiries@athenaforensics.co.uk,further details are available on our contact us page.

Our client’s confidentiality is of the utmost importance. All correspondenceis treated with discretion, from initial contact to the conclusion of anycomputer forensics investigation.

Our digital forensics experts are fully aware of the significance andimportance of the information that they encounter and we have been accreditedto ISO 9001 for 10 years.

Our forensic experts are all security cleared and we offer non-disclosureagreements if required. Our premises along with our security procedures havebeen inspected and approved by law enforcement agencies.

Whatsapp Sqlite Password Reset

Athena Forensics do not disclose personal information to other companies orsuppliers.