“If your iPhone is ever obtained by the police, and they have the legal authority to search it, law enforcement can sometimes find information you believe you deleted — even from encrypted chat apps like WhatsApp.”
Recently a case has come to disclose where exactly our WhatsApp deleted messages go when we think they’re completely out of access. You can tap on this link and read the full story; but first have a glance at what we have here.
We call chat apps like WhatsApp the “extraction apps”. And the truth is that when the so-called authorities recover the messages, they find them scrambled or out of order, due to the encryption features of the WhatsApp messages.
“Such “extraction” software – typically forensics tools created by the likes of Israel’s Cellebrite and Atlanta-based Grayshift – will look for remnants of files in different smartphone databases. Online records indicate the technology to get deleted WhatsApp messages from an Apple iOS database has been available to law enforcement and private organizations that own a Cellebrite Physical Analyzer tool for at least the last two years.”
In order to understand this part, you should know what the mentioned terms mean:
- Cellebrite
Is a cell phone extraction technology widely used by law enforcement to extract and organize the contents of seized cell phones. Law enforcement uses Cellebrite technology to sort through the contents of a cell phone in order to compile evidence. (https://www.pissetzkylaw.com)
- The UFED (Universal Forensics Extraction Device)
Is a product series of the Israeli company Cellebrite, which is used for the extraction and analysis of data from mobile devices by law enforcement agencies. Cellebrite UFED. Cellebrite UFED device for extracting forensics information from mobile devices (Wikipedia)
- Grayshift solutions
Are purpose-built to help law enforcement and government investigative agencies swiftly resolve critical investigations and ensure public safety. The company’s innovative GrayKey technology provides same-day access, complete control, and comprehensive data extraction from mobile devices. (www.cbinsights.com)
So this is what happens behind the closed door: when we delete whatsapp messages on an iPhone, rather than disappear completely, they get restored in an iOS database called “chatsearch” and Cellebrite’s technology can recover all that but in a fragmented order.
On the other hand, we have one of the Cellebrite spokesperson claiming all these investigations depend on the OS and phone model.
Meanwhile about Android phones which do not have “chatsearch”, these techniques can’t be applied to them.
Meta and Google are still silent and both declined to comment.
We live in strange times man!