The claim in the FTI forensics report on Bezos’ iPhone that, “due to end-to-end encryption employed by WhatsApp, it is virtually impossible to decrypt the contents of the downloader [.enc file]...” bugged me so much that I coded up how to do it:https://github.com/ddz/whatsapp-media-decrypt …
-
-
Scanning through the report i notice the preview pic, this suggests the message with the key was/is still in the database. Also a bit surprised to see such nice screenshots... for some reason I always end up with snips of hexdumps and disassemby. Otoh: Audience (judges)pic.twitter.com/57fPbdxSH9
-
I assumed the same. The screenshot indicated that WhatsApp could still access the file and that they had enough access to phone to capture and export screenshot. I extracted my WhatsApp sqlite file from an iOS backup, no fancy forensics hardware necessary.
Kraj razgovora
Novi razgovor -
Čini se da učitavanje traje već neko vrijeme.
Twitter je možda preopterećen ili ima kratkotrajnih poteškoća u radu. Pokušajte ponovno ili potražite dodatne informacije u odjeljku Status Twittera.