MODIFYING WHATSAPP
MESSAGES FOR DUMMIES
EDITING WHATSAPP CONTENTS ON A NON JAILBREAK
IPHONE OR HOW TO FOOL FORENSIC EXPERTS REPORTS.
WHO AM I
▸ Abraham Pasamar (@apasamar)
▸ INCIDE CEO
▸ Over 10 years hands-on experience as a Digital Forensic
Investigator, Researcher, eDiscovery Consultant and Expert
Witness
▸ Over 300 Expert Witness Reports and over 100 court testimonies
▸ Experience in managing Computer Incidents, Internal Fraud,
Data Loss and other Incidents in complex environments and
high-profile cases. Both from a technical and client
management perspective
WHATSAPP NUMBERS
▸ 2009 -> 2016
▸ 0 -> 1 BILLION USERS !!!
▸ 2014 -> sold to Facebook
▸ 19.000 MM $
WHATSAPP SCREENSHOTS
▸ iOS: Home + Sleep/Wake button
▸ Android: Volume Down + Power button
WHATSAPP SCREENSHOTS AS DIGITAL EVIDENCE
can be faked !!!
WHATSAPP IN THE SPANISH COURTS
▸ Case number 300/2015
▸ On May 19, 2015 Spanish Criminal High Court
establishes the criteria to accept the probative value of
screenshots or “snapshots”
▸ The high court stated that it is possible to simulate a
communication in which a single user interacts with
himself.
▸ It is essential to request an expert to run a forensic
analysis of the contents and to provide an expert witness
report.
EXPERT WITNESS REPORT
▸ An expert in applying scientific, technical or medical
knowledge to the purposes of law
▸ Computer forensics expert report
IS IT POSSIBLE TO MODIFY WHATSAPP MESSAGES?
▸ Strong end-to-end encryption
▸ There are many articles written by security researchers describing how to
modify WhatsApp messages from a rooted or jailbroken device.
HOW TO MODIFY WHATSAPP MESSAGES
▸ On a rooted or jailbroken device, it is possible to directly access the
WhatsApp database (an SQLite database) and use SQL commands to modify any message.
WHAT CAN A FORENSIC EXPERT DO TO DETECT A JAILBREAK
▸ There are a lot of indicators to detect a jailbreak:
  ▸ Presence of apps (e.g. Cydia, terminal, etc.)
  ▸ Shell access
  ▸ Several files in the filesystem
WHAT IF THE EXPERT DETECTS A JAILBREAK
▸ Messages may have been modified, but maybe not
▸ The expert should look for traces of alteration
▸ Even when no evidence is found, it is possible that the
messages have been modified.
▸ In this case, forensic experts are usually not able to be conclusive
on the results
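The kind of check an examiner can run when looking for traces of alteration, as an added example (not from the original slides): it reads the SQLite file header and flags identifier gaps and timestamp ordering anomalies in a message table. The `messages` table, its columns and the sample rows are constructed for illustration and are not WhatsApp's real schema.

```python
import pathlib
import sqlite3
import struct
import tempfile

SQLITE_MAGIC = b"SQLite format 3\x00"


def read_sqlite_header(path):
    """Parse the fields of the 100-byte SQLite file header useful for triage."""
    with open(path, "rb") as fh:
        header = fh.read(100)
    if len(header) < 100 or header[:16] != SQLITE_MAGIC:
        raise ValueError("not a SQLite 3 database file")
    # Offsets 24..39 (big-endian): file change counter, database size in pages,
    # first freelist trunk page, total number of freelist pages.
    change_counter, page_count, _trunk, freelist_pages = struct.unpack(">4I", header[24:40])
    return {"change_counter": change_counter,
            "page_count": page_count,
            "freelist_pages": freelist_pages}


def find_alteration_leads(path):
    """Return investigative leads. An empty result does NOT prove integrity."""
    leads = {"header": read_sqlite_header(path), "id_gaps": [],
             "time_inversions": [], "ids_missing_at_end": 0}
    # Open read-only so the examination never writes to the evidence copy.
    uri = pathlib.Path(path).resolve().as_uri() + "?mode=ro"
    con = sqlite3.connect(uri, uri=True)
    try:
        rows = con.execute("SELECT id, sent_at FROM messages ORDER BY id").fetchall()
        if not rows:
            return leads
        ids = [r[0] for r in rows]
        # Identifiers that were allocated once but are no longer present.
        leads["id_gaps"] = sorted(set(range(ids[0], ids[-1] + 1)) - set(ids))
        # Rows stored later than their neighbour but carrying an earlier timestamp.
        leads["time_inversions"] = [cur[0] for prev, cur in zip(rows, rows[1:])
                                    if cur[1] < prev[1]]
        try:
            seq = con.execute(
                "SELECT seq FROM sqlite_sequence WHERE name = 'messages'").fetchone()
        except sqlite3.OperationalError:
            seq = None  # no AUTOINCREMENT bookkeeping table in this database
        if seq:
            # Highest id ever issued versus highest id still present.
            leads["ids_missing_at_end"] = seq[0] - ids[-1]
    finally:
        con.close()
    return leads


def build_sample(path, altered):
    """Create a constructed sample database (hypothetical schema, fake rows)."""
    con = sqlite3.connect(path)
    con.execute("CREATE TABLE messages ("
                "id INTEGER PRIMARY KEY AUTOINCREMENT, sent_at INTEGER, body TEXT)")
    base = 1_460_000_000
    con.executemany("INSERT INTO messages (sent_at, body) VALUES (?, ?)",
                    [(base + 60 * i, f"constructed message {i}") for i in range(1, 6)])
    if altered:
        # Test fixture: one row removed, one back-dated row stored afterwards.
        con.execute("DELETE FROM messages WHERE id = 3")
        con.execute("INSERT INTO messages (sent_at, body) VALUES (?, ?)",
                    (base + 150, "constructed replacement"))
    con.commit()
    con.close()


def demo():
    """Build a clean and an altered sample and return the leads for each."""
    with tempfile.TemporaryDirectory() as tmp:
        clean = str(pathlib.Path(tmp) / "clean.sqlite")
        altered = str(pathlib.Path(tmp) / "altered.sqlite")
        build_sample(clean, altered=False)
        build_sample(altered, altered=True)
        return find_alteration_leads(clean), find_alteration_leads(altered)


if __name__ == "__main__":
    for label, leads in zip(("clean", "altered"), demo()):
        print(label, leads)
```

Findings are leads to corroborate, since delayed delivery can also reorder timestamps, and an empty result does not establish integrity, which is the point the slide above makes.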
WHAT HAPPENS IF THE DEVICE HAS NOT BEEN JAILBROKEN
▸ The expert cannot access the whole filesystem
▸ It is not possible to perform an extensive analysis
▸ Only the ‘backup’ files can be analyzed
WHAT DOES THE EXPERT CONCLUDE IN THIS CASE?
▸ most experts will certainly be able to assess the integrity
of the messages
WHY?
▸ Because IT IS POSSIBLE to modify WhatsApp messages
on a NON-JAILBROKEN device
HOW ?
YES, YOU GOT IT !
BACKUP IS THE KEY
WHATSAPP DATABASE BACKUP IS NOT ENCRYPTED
AND THERE IS NO BACKUP MODIFICATION
CONTROL
IT’S DEMO TIME
CONCLUSIONS
▸ Local backup modifications are possible
▸ Not easy to fix, only if the backup is related to the device
▸ Forensic experts can be fooled
