Rozwiązania korporacyjne


Elcomsoft Explorer for WhatsApp

The Ultimate WhatsApp Acquisition Tool

Elcomsoft Explorer for WhatsApp (EXWA) is a Windows tool to acquire, decrypt and display WhatsApp communication histories. The tool provides multiple acquisition options to extract and decrypt WhatsApp data from multiple local and cloud sources including Android smartphones, iOS system backups (iTunes and iCloud), and WhatsApp proprietary cloud backups in iCloud Drive.

The tool supports both rooted and non-rooted Android phones. Encrypted backups can be automatically decrypted providing that the correct password is supplied. Downloading cloud backups from Apple iCloud and iCloud Drive requires entering the user’s Apple ID and password or using a binary authentication token extracted from the user’s computer.

The built-in viewer offers convenient view of messages, calls and pictures stored in multiple WhatsApp databases obtained from the different sources. Instant filtering and ultra-fast searching allow finding records of interest in a matter of seconds.

Elcomsoft Explorer for WhatsApp is an all-in-one standalone acquisition, extraction and viewing tool for WhatsApp backups.

WhatsApp Acquisition

Elcomsoft Explorer for WhatsApp supports all of the following acquisition methods of WhatsApp databases:

  • Direct extraction from Android smartphones
    Rooted (Android 4.0-7.1.1) and non-rooted (Android 4.0-6.0.1) devices are supported. Phone must be unlocked for acquisition.
  • Extraction from local iTunes backups
    Encrypted backups are automatically decrypted. The correct password is required to decrypt the backup.
  • Over-the-air acquisition from iOS backups stored in Apple iCloud
    WhatsApp databases are automatically retrieved from iOS backups stored in Apple iCloud. Fast acquisition is made possible by selectively downloading WhatsApp information instead of pulling the entire backup from the cloud.[1] Apple ID and password or binary authentication token required.[2].
  • Over-the-air acquisition of WhatsApp proprietary backups stored in iCloud Drive
    Proprietary WhatsApp backups can be pulled from the user’s iCloud Drive account. [1] Apple ID and password or binary authentication token required.[2]

WhatsApp Acquisition: Not an Easy Target

WhatsApp Messenger is one of the most popular instant messaging tools, if not the most popular one. WhatsApp clients are available for all mobile platforms including Android, Apple iOS, Blackberry, and Microsoft Windows Phone 8.x and Windows 10 Mobile.

WhatsApp is a popular target for spammers, hoaxers and cyber criminals. On at least one occasion, intercepted WhatsApp communications helped uncover a terrorist organization.

Since WhatsApp employs secure end-to-end messaging, it is not possible for law enforcement to request communication histories from Facebook who currently owns WhatsApp. As a result, acquisition is only possible from end-user devices or data backups produced by such devices and saved either locally or stored in a cloud.

WhatsApp Acquisition from Android

Elcomsoft Explorer for WhatsApp can extract WhatsApp conversations directly from a wide range of Android smartphones. As WhatsApp securely encrypts its databases, root access is recommended (but not required) for acquisition. If no root access is available, Elcomsoft Explorer for WhatsApp will employ a workaround by pushing an acquisition tool into the phone temporarily for extracting the decryption key.

If root access is available, Elcomsoft Explorer for WhatsApp can extract WhatsApp conversations from Android handsets running Android 4.0 through 7.1.1. Without root access, compatibility is limited to Android versions 4.0 through 6.0.1.

Downloading Proprietary WhatsApp Backups*

WhatsApp has the ability to create cloud backups of its database, saving them in Apple iCloud Drive. Unlike iOS devices that are unique per Apple device, WhatsApp backups are unique per phone number. This means that regardless of how many Apple devices the user has registered under their Apple account, the number of available WhatsApp backups in the user’s iCloud Drive will depend on how many different phone numbers are used within the Apple account.

WhatsApp can be configured to create backups in iCloud Drive even if the device does not have iCloud backups enabled. At this time, Elcomsoft Explorer for WhatsApp is the only tool that can extract proprietary WhatsApp backups from iCloud Drive.

  • In recent versions, WhatsApp started using encryption for its backup files. At this time, we cannot decrypt encrypted backups. You will be able to view contacts, sent and received media files and other data; however, the actual messages will remain encrypted.

Information Available in WhatsApp Databases

WhatsApp is an instant messaging application. Its databases contain information about peer-to-peer communications between users, including the following records:

WhatsApp Database Content

  • Sent and received text messages complete with contact ID’s and timestamps
  • User’s contact database complete with phone numbers
  • Calls
  • Pictures sent and received, complete with timestamps and contact ID’s

Built-In Viewer

Elcomsoft Explorer for WhatsApp is equipped with a built-in viewer supporting multiple WhatsApp databases extracted from various sources. The viewer includes instant filtering and quick search functionality. Finding a certain contact, message or conversation is easy by specifying a date range or typing a partial key word into the search box.


Requirements to Download WhatsApp Databases from the Cloud

The Standard edition of Elcomsoft Explorer for WhatsApp can download information from Apple iCloud and iCloud Drive[1]. In order to be able to download information from Apple iCloud/iCloud Drive, the correct Apple ID and password are required. In addition, one can use a binary authentication token extracted from the user’s PC or Mac. For extracting binary authentication tokens, we recommend using a tool from Elcomsoft Phone Breaker (if you don’t own a license, the evaluation version will work just fine).

Features and Benefits

  • Acquire WhatsApp databases from a wide range of sources
  • Extract conversations from Android and iOS devices
  • Local and over-the-air acquisition
  • Home edition supports extraction from Android, iTunes, iCloud, and WhatsApp proprietary backups in iCloud Drive[1] (authentication credentials required)
  • Fast iCloud acquisition via selective download
  • Built-in viewer with instant filtering and searching
  • Access to WhatsApp databases stored in encrypted backups (password required)
  • Full acquisition and extraction cycle with built-in viewer

  1. In recent versions, WhatsApp started using encryption for its backup files. At this time, we cannot decrypt encrypted backups. You will be able to view contacts, sent and received media files and other data; however, the actual messages will remain encrypted. 

  2. Binary authentication tokens can be extracted from the user’s computer with a tool available with Elcomsoft Phone Breaker. If you don’t own the product, the token extraction tool is also available in the free evaluation version of Elcomsoft Phone Breaker

 


Zamów licencję do programu EXWA

Pobierz bezpłatną testową wersję do EXWA

Current version: 2.02.19416 (23 May, 2017)

The product can be uninstalled through Control Panel ‘Programs and features’, or using ‘Unistall’ program in Start menu. Standard Windows Installer service is being used.