Mobile Forensics Tool Now Extracts WhatsApp Data via QR Code

Oxygen Software LLC has released version 11.0 of its product, Mobile Forensics. The “Cloud Services” module now includes a feature that allows data extraction from a mobile device using WhatsApp QR code authorization or a WhatsApp QR token from web browsers or the desktop version of WhatsApp. A key advantage of this feature is that, with a valid token, it is possible to extract the entire message database even from a locked device.

Extracted Data Includes:

  • Device and account information: Device model, manufacturer, operating system version, phone number with MNC and MCC, battery status, interface language, and device owner’s nickname.
  • Contact list and avatars: All contacts from the mobile device, including those not registered on WhatsApp.
  • Messages from personal and group chats: Complete lists of all personal and group chats, as well as chat participants.
  • Missed calls.
  • Media files and other attachments: Images, videos, voice messages, audio files, contacts, and geolocations.

The WhatsApp QR token can be found using the “Scout” module in web browsers such as Google Chrome, Opera, Mozilla Firefox, or in the WhatsApp desktop application. The token may also have been generated during a previous session in “Cloud Services.” It’s important to note that the token is single-use: after authorization, the server issues a new token, which must be used for the next login.

Oleg Skulkin, a leading computer forensics specialist at Group-IB, commented:

“Modern security measures used by mobile device manufacturers are creating new obstacles for mobile forensics experts, limiting the ability to extract forensically significant information. This fact highlights the importance of using alternative data extraction methods.”

In addition, Mobile Forensics 11.0 now supports MTK Smart Watch and MTK Feature Phone devices, as well as iOS 12.0 and the iPhone Xs, iPhone Xs Max, and iPhone Xr. The developers have also added proxy support for Google, WhatsApp QR, Facebook, Telegram, Dropbox, and Twitter services.
