A Step-to-Step Guide for Data Extraction from Wechat
-
Content
- Case Description
- Case Analysis
- Case Study
- Notes
-
Content
- Case Description
- Case Analysis
- Case Study
- Notes
Case Description
When a police station in Hunan cracked a motorcycle gang theft case, they arrested the suspect Zhang on the spot during the transaction and obtained his real mobile phone. Investigators found that there was a large amount of direct digital evidence related to theft on his WeChat, and it was necessary to fix the evidence and perform data extraction from WeChat.
Case Analysis
Later, it was discovered that the mobile phone data port failed and the mobile phone storage could not be accessed through the computer. The actual storage was 256G and the remaining available storage space was 207.57G. However, the WeChat data was 7.56G. Since the remaining storage space of the backup mechanism of the Android phone was less than the application storage size, it could not be backed up. For WeChat data. In order to ensure the originality and integrity of all mobile phone data, methods such as uninstalling applications are not adopted. Only the WeChat backup tool in the SPF Pro smartphone data recovery forensic system can be used to back up existing data, and then the SPF Pro data extraction function can be used for backup. File parsing.
Case Study
Step 1. Open the WeChat data backup tool in the toolbox of the SPF Pro smartphone forensics system professional.
Step 2. Set the backup file path and operate according to the guidance. First, keep the computer and mobile phone in the same network environment, download WeChat on the computer and scan the QR code to log in, and then click “Ready for backup”.
Step 3. Click “Migrate and Backup” in the lower left corner of the WeChat computer interface, select “Backup and Restore”, and back up chat records to your computer.
Step 4. Confirm the authorization on your mobile phone via WeChat to start the backup. You can see the backup process on your computer and mobile phone at the same time.
Step 5. Wait for the WeChat backup tool to prompt that the backup is successful, and check whether the backup file generates a decrypted key file.
Step 6. Create a new case in SPF Pro, click “Folder Analysis” on the device interface, and select the backup file location.
Step 7. Click “Automatic Logical Extraction”, select “WeChat Computer Backup” in the social chat, and then click “Start Extraction”.
Step 8. Observe the data extraction progress. After the extraction is completed, check the extraction results. You can see the WeChat data and complete the WeChat data fixation.
Notes
1. For Telegram, we can also take PC backup as the second strategy to perform data extraction.
2. Logging in to the PC version of WeChat requires connecting the target phone to the Internet, so this strategy needs to consider the risk of data loss.
