Giters

sathwikv143 / Autopsy-Whatsapp-Plugin

Geek Repo:Geek Repo

Github PK Tool:Github PK Tool

autopsypluginpythonforensicsartifacts

Autopsy-Whatsapp-Plugin

Autopsy plugin to extract artifacts from WhatsApp desktop application on Windows.

Functionality

  • Parses the raw log file created by the application in windows and present it in autopsy.
  • Get date and time stamps of each artifact.

Log file location

Windows:

C:\Users\<username>\AppData\Roaming\WhatsApp\IndexedDB\file__0.indexeddb.leveldb\{#######}.log

Mac:

/Users/<username>/Library/Containers/desktop.WhatsApp/Data/Library/Application Support/WhatsApp/IndexedDB/file__0.indexeddb.leveldb/{######}.log

All the artfacts extracted are based on the reseach paper available here

About

autopsypluginpythonforensicsartifacts

Languages

Language:Python 100.0%