WhatsApp database decrypt via cloud and token from any Android device
WhatsApp Messenger is a freeware and cross-platform messaging and Voice over IP service owned by Facebook. WhatsApp is a very popular application in social networks but sometimes it is challenging for digital forensic investigators to decrypt WhatsApp databases from Android devices. An Android device stores a database file named msgstore.db.crypt12 that is encrypted by WhatsApp. WhatsApp backups are made in Android devices and decrypted in the Cloud Extractor via phone number or WhatsApp Cloud token.
One such application is WhatsApp, which over various versions has tried to maintain the confidentiality and integrity of messages sent and received using WhatsApp. A db.crypt12 file is a database file used by WhatsApp Messenger. It stores encrypted messages of chat history. It is used by WhatsApp to secure a user’s message on the Android device. WhatsApp uses a different algorithm to encrypt the database file. Each new version of the WhatsApp application uses a different algorithm to encrypt the database.
The db.crypt12 database files are located in
/internal memory or sdcard/WhatsApp/Databases.
In this screenshot, the Oxygen Forensic Cloud Extractor gives service to extract WhatsApp data from db.crypt12. Simply connect the device to the computer and turn USB debugging mode on so we can see the WhatsApp folder and select db.crypt12 file into this section and click on next.
Now enter the phone number you selected in the WhatsApp database and it will send a OTP (one time password) on your registered mobile number or you can select WhatsApp Cloud token also if you have a token id.
Finally, the WhatsApp database is successfully decrypted. Now we can see all the messages sent or received, group messages, private messages, etc. But do not forgot to connect the internet in your computer while running this process otherwise it fails. It will be an easy way for all digital forensic investigators to decrypt WhatsApp data and no longer challenging for us.