Pieces0310

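Forensics must let the evidence speak; never rely on your own subjective conviction to reach a conclusion about a case. Never draw the target around the arrow, searching just for the sake of finding something. The foundation of forensics rests on experience and judgment; the richer your experience across the IT fields, the better you can spot the clues. Forensics should make good use of tools without over-relying on them. Tools can only help you narrow the range of possibilities; they cannot tell you the answer, and a person must still do the analysis and make the judgment.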


One of my friends asked me to do a favor for her. She said her friend deleted some important chat messages by “accident”, and her friend wanted to recover those deleted messages as soon as possible…

I took a look at this Android phone. My God, lots of instant messaging apps on it. Let’s see what top commercial forensic tools (Uxxx or Xxx) could do about those IMs. I was a little disappointed with those tools: they could not even notice that some IMs existed on that phone (not to mention hidden, encrypted chat messages). I do understand they only support popular IMs, so I had to investigate it on my own.

Like I always say, we have to take advantage of tools, not just rely on tools to find evidence. Guess what? I exported the chat message database from the phone image files and used WinHex to find those important deleted chat messages.

I showed her what I found, and she appreciated my kind help very much.

posted on 2015-04-26 10:05  Pieces0310