Case Overview:
Client is a leading law enforcement agency in India. Client has received a hint about a particular drug dealing case. The conversations about this deal were happening via WhatsApp messages. Unfortunately, all the messages were being deleted and there was no way to prove the crime. Recovering these deleted chat messages could prove to be important evidence to stop illegal activities.
Case Challenges:
The case was challenging in terms of technology and the process used. WhatsApp, as we all know has high end security built-in for all chat messages. The messages are end-to-end encrypted. Forensics on mobile applications that are secured with encryption require specialists to handle it.
As one of the leading Digital Forensics companies in India, ECS was approached to help recover some of the messages that were highly inaccessible in WhatsApp.
Here are the steps followed and the challenges faced by ECS to recover the deleted chat:
- Our experts visited the location of the crime and collected the mobile phone with COC (Chain of Custody)
- The mobile phone was then submitted for forensics purpose.
- The condition of the phone was not suitable for immediate action:
- It was Jammed (in flight mode)
- It was Network Jammed (Faraday Bag)
- Disconnected from the network
ECS’ task at hand was to first access this inaccessible device and then recover the deleted mobile chat which could be used by the law enforcement agency as evidence to prove a planned illegal activity.
How did Ecs Provide a Solution?
Mobile devices are becoming more and more essential part of forensic evidence these days. Many pre-planned illegal activities have some or the other communication over mobile phones – either call, chat messages, videos, images etc. Mobile devices are also store houses of a person’s personal information and professional data. ECS helps with accurate and advanced mobile forensics by helping with the retrieval of trivial information that can help law enforcement agencies to prove a crime or an illegal activity. ECS follows a well-defined process for mobile forensics:
- Seizure of the mobile device
- Identified and extraction of the evidence
- Used physical extraction to recover WhatsApp deleted chat, videos, images and call history.
- The data was retrieved within 1-3 working days.
- A complete analysis and report were submitted to client.
Result:
ECS analyzed the client’s requirements and developed a detailed plan to retrieve the information required. Mobile forensics requires the expertise of mobile technologies. We used mobile forensics tools such as UFED Cellebrite, Mobile Edit, Oxygen Forensic. We also provided a final analysis report for the case being investigated.
Conclusion:
With mobile forensics, ECS was able to help the law enforcement agency with the evidence they required for stopping an illegal activity. Our experts were able to successfully recover the deleted chat from WhatsApp.
ECS specializes in mobile forensic services. We are one of the best Digital Forensic Companies in India and offer services to all types of businesses across the globe. We recognise the threats that are common for your industry-type and start working on the same for delivering higher efficiency and productivity. We also offer services for data recovery from electronic devices that could be helpful as evidence or for the purposes of data protection.