The software which I will introduce in this post, called WhatsDump, is a multi-platform tool that can be run by command line and is able to forensically acquire the cipher key needed to decrypt WhatsApp‘s msgstore.db.crypt*. You might be familiar with the well-known WhatsApp-Key-DB-Extractor which basically does the same thing but does not support Android Nougat and above devices. This is because it exploits a procedure called APK Downgrade in which the WhatsApp application is temporary replaced by an older version so that the private key can be extracted; the…
Read More