Acquire and analyze WhatsApp histories from multiple sourcesPosted by Olga Koksharova on April 8th, 2021 WhatsApp is one of the world's most popular instant messaging platforms among personal and business users. WhatsApp is a moderately secure platform, yet it lacks the tools for system administrators and IT security personell to track and analyze communications throughout their enterprises. The need to acquire and analyze WhatsApp communications and chat histories is also an important part of digital forensics. However, given the amount of data involved, it can be difficult to achieve this at scale, which is why Elcomsoft Explorer for WhatsApp was developed. This powerful tool works on Windows to acquire, decrypt, and display WhatsApp communications in a single user-friendly dashboard. It supports a range of acquisition methods to maximize its coverage and deliver a comprehensive solution that is also easy to use. The tool can extract WhatsApp communications histories, including messages, calls, exchanged images and other files from various sources. These include both local and cloud sources, as well as Android phones with and without root access. iOS system backups, such as those stored in iCloud or made with iTunes, are another possible source, although downloading such backups does require authenticating with the user's original Apple ID and password. Downloads from Google Drive require a login and password, and two-factor authentication is supported for both Apple and Google accounts. For Android, both rooted and non-rooted devices are supported from Android 4.0 to 9.0 and Android 4.0 to 6.0.1 respectively. In this case, WhatsApp backups are pulled from the user's device or cloud account and then decrypted, provided you have access to the user's SIM card and Google ID and password. Because WhatsApp provides secure, encrypted end-to-end messaging for users, it is not possible for law enforcement agencies to request communications history from Facebook, who owns WhatsApp. As a result, it is only possible to extract the data from end-user devices or backups, either local or online. Elcomsoft Explorer for WhatsApp greatly simplifies this process, while also providing a centralized browser where you can see all communications histories for every connected account. This makes it a highly effective way for identifying things like policy breaches or illegal activities. After all, WhatsApp has long been a popular target for cybercriminals, such as social engineering scammers, spammers, and hoaxers. With Elcomsoft solution, administrators can maintain oversight of their internal communications, while law enforcement bodies can simplify their digital forensics processes. The explorer app includes a user-friendly viewing interface with a powerful search function to let you browse instantly through communications spanning months or even years. You can view all messages, along with the timestamps and other information. It also shows a list of all available backups and their respective locations. Images and other files that have been exchanged are also viewable, including important metadata, such as the sender, recipient, file size, link, dimensions, and format. There is also a filter function to search communications histories by media type or data. For example, you might want to search only for photos shared during a specific time period. Get started with WhatsApp investigations at www.elcomsoft.com/exwa.htmlLike it? Share it! |