As we know that WeChat will wipe deleted chat messages. That's why forensic guys could  not dig out any deleted chat messages in EnMicroMsg.db. Is it possible to let those deleted chat messages show up again?

For performance's sake, WeChat will created index for better user experience. That's the key point for forensic guys to recover those deleted chat messages or contacts. Let me show you where the index exists as below.

Look into the table "FTS5IndexMessage_content"  and "FTK5IndexContact_content" and we could find all chat messages and contacts. No doubt those deleted chat messages or contacts still exist in these tables. Suspect may delete chat messages but no way he/she could delete index database.

Of course suspect may uninstall WeChat and its folder "com.tencent.mm" will no longer exists. But forensic guys could still recover content of WeChat by deep recovery on image acquired from an Android phone.

Those manufacturers of Mobile Forensic software should take it into consideration and their tools won't miss the deleted WeChat chat messages again.

Dig out WeChat deleted chat messages on Android Phone的更多相关文章

  1. WeChat 6.3 wipe deleted chat messages as well as LINE 5.3 and above

    Let me show you the WeChat version first. It is 6.3. What will happen to WeChat deleted chat message ...

  2. Dig out deleted chat messages of App Skype

    Last month Candy was arrested on suspicion of having doing online porn webcam shows, but Candy refus ...

  3. Let's see if we could reocver Line 5.3 and above deleted chat messages or not

    Forensic is a strict science and we should let the evidence speak for itself. Several months ago I s ...

  4. dig out deledted chat messages

    One of my friends asked me to do a favor for her. She said her friend deleted some important chat me ...

  5. No deleted LINE chat messages recovered on iOS 9.1 after UFED extraction

    The evidence is iPhone 5s with iOS 9.1 and not jail breaked. I use UFED to do advanced logical extra ...

  6. How to extract WeChat chat messages from a smartphone running Android 7.x or above

    A friend of mine she was frustarted in extracting WeChat chat messages from suspect's smartphone run ...

  7. how to extract and decrypt WeChat EnMicromsg.db on Android phone

    One of my friend came to me with an Android phone. She saild somehting wrong with the hardware of he ...

  8. Android Malware Analysis

    A friend of mine asked me help him to examine his Android 5.0 smartphone. He did not say what's wron ...

  9. 微信破解,解密?How To Decrypt WeChat EnMicroMsg.db Database?

    20元现金领取地址:http://jdb.jiudingcapital.com/phone.html内部邀请码:C8E245J (不写邀请码,没有现金送) 国内私募机构九鼎控股打造,九鼎投资是在全国股 ...

随机推荐

  1. windows 命令行打开浏览器

    在命令行打开百度 start chrome www.baidu.com

  2. 2.移植uboot-添加2440单板,并实现NOR、NAND启动

    上章分析了uboot启动流程后,接下来便来配置新的单板,实现nor.nand启动 1.首先在uboot里新建单板2440 : cd board/samsung/ cp smdk2410 smdk244 ...

  3. centos7 卸载home 扩大root空间

    =============================================== 2017/11/1_第1次修改                       ccb_warlock == ...

  4. vue2.0父子组件以及非父子组件如何通信

    1.父组件传递数据给子组件 父组件数据如何传递给子组件呢?可以通过props属性来实现 父组件: <parent> <child :child-msg="msg" ...

  5. ajax调用数据案例,二级联动

    题目:请针对移动端web浏览器制作一个结账数据信息展示页面 要求: 1. 页面样式除不使用表格呈现外,可自由选择其他呈现方式 2. 需符合移动端操作习惯 3. 可根据服务区.门店查询结账信息 4. 可 ...

  6. centos 打包RPM包 ntopng

    需要在centos7上,将ntopng及其依赖的包一起打包成rpm包,了解centos7打包. 1.执行: yum -y install rpmdevtools  安装rpm工具 2.接下来执行:rp ...

  7. TCP协议(二)——TIME_WAIT状态

    当TCP主动关闭套接字时,采用四步握手机制来彻底关闭连接.如图: 客户端主动关闭连接,发送FIN段到服务端.TCP状态由ESTABLISHED(连接状态)转为FIN_WAIT1(表示,发送的FIN需要 ...

  8. promise入门demo

    <!DOCTYPE html> <html> <head> <title></title> </head> <body&g ...

  9. Head First设计模式之抽象工厂模式

    一.定义 给客户端提供一个接口,可以创建多个产品族中的产品对象 ,而且使用抽象工厂模式还要满足一下条件:     1)系统中有多个产品族,而系统一次只可能消费其中一族产品.      2)同属于同一个 ...

  10. gcc编译器用法

    一个用c语言写的程序把他编译成计算机可执行的文件,一般有4个步骤 /*================================================================ ...