Decrypting Threema4.db
I was recently approached with a device that had the Threema application on and they wanted to extract the messages for it. The usual mobile forensics tools had failed to extract this information. TLDR:
1. Extract the master_key.dat from the app's “files” folder
2. Convert the file to a hex string
3. Decode it as a protobuf file using https://protobuf-decoder.netlify.app/
4. Extract …
Category Archives: Uncategorized
Decrypting Mega Preferences (Part 2)
The first post seemed to gain a lot of attention from people, with someone from a police force contacting me to help with one of their cases, so I’ve spent a little time making the script into more of a finished product than a POC. The new script can be found here and is now …
SQLite Databases at hex level
My recent post on “Timelining using SQLite Write Ahead Logs” highlighted how much background information is required to deal with SQLite databases. This post is going to give a more in-depth overview of the structure of the SQLite 3 file format. It should take you from knowing very little about SQLite databases to being able to …
New Blog!
Hi and welcome to the first post of my new blog! I’m hoping this will be the first of many posts, although this will be the only one where nothing forensic/investigative will be posted. I’ve worked in Digital Forensics/Investigations for a number of years and over this time I’ve created new tools and encountered some …