WhatsApp analysis

WhatsApp is a popular chat-/video-messaging service with over 500,000,000 downloads in Google Play.

Package name: com.whatsapp

Version: 2.11.498

Files of interest:

/files/
- Avatars/
- me
- me.jpeg
/shared_prefs/
- RegisterPhone.xml
- VerifySMS.xml
/databases/
- msgstore.db
- wa.db
/sdcard/WhatsApp/
- Media/
- Databases/

The /files/avatars directory contains thumbnails of the profile pictures of contacts that use the app, and me.jpg is a full-size version of the user's profile picture. The me file contains the phone number associated with the account

The phone number associated with the account can also be recovered in /shared_prefs/RegisterPhone.xml. The /shared_prefs/VerifySMS.xml file shows the time that the account was verified (in the Linux epoch format, ...

Get Learning Android Forensics now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.

Start your free trial

Learning Android Forensics by Rohit Tamma, Donnie Tindall

WhatsApp analysis

Don’t leave empty-handed

It’s yours, free.

Check it out now on O’Reilly