Showing posts from December, 2011

WhatsApp Xtract

I don’t want to bore you explaining what is WhatsApp . If you have this serious gap, you can fill it here .  Forensically speaking, WhatsApp was a very cool app until the last June. After that, someone had decided to add the extension “crypt” to such excellent source of information which was msgstore.db . This database stores information about contacts and also entire conversations. But simply opening it with SQLite Browser , you can have some troubles in extracting a single chat session with a desired contact, or in reordering the messages. My last python script wants to overcome these problems, avoiding to deal with complex SQL queries. Now, you need only to decrypt that file! Go to the repo.

Exif Summarizer

Exif metadata are wonderful. Just think about all the fields listed in the Exif standard: a great bunch of information is available for each image. When the picture was taken? And where? And what camera was used? And what were the f-stop and exposure settings? And who was the photographer? ... damn! Why the author field is always empty? Anyway...Exif metadata are definitely marvelous. The problem is that commonly, pictures and related metadata are too numerous and this prevents an efficient inspection of the files during a digital investigation. So there is a need of aggregation of the information: for the picture content the problem is hard, also using machine learning algorithms. But in the case of metadata, a smart way to show them can alone lead to evidence discovery, or at least to form a suspicion! And that is what EXIF summarizer tries to do: given a directory (the root directory is fine), it recursively scans all the folders, reads the EXIFs and composes a table wi