The leading investigative tool for WhatsApp data
The 'Elcomsoft Explorer for WhatsApp' (EXWA) offers access under Windows to the complete, decrypted communication recorded by WhatsApp. The software can retrieve WhatsApp data from several sources: Android smartphones, online and offline backup files from iTunes and iCloud, and backup files in Google Drive and iCloud Drive.
The tool supports both rooted and non-rooted Android devices. If the password is known, offline backup files are automatically decrypted. With an Apple ID and password or with a corresponding authentication token, the data can also be loaded directly from Apple's iCloud or iCloud Drive. Access to Google Drive backup files requires a login and password. Two-factor authentication is supported for Apple and Google accounts.
A built-in viewer displays all the data obtained quickly and clearly. Extensive filter and search options structure the data so that relevant records can be identified quickly and precisely.
Methods of accessing WhatsApp data
'Elcomsoft Explorer for WhatsApp' supports the following methods of accessing WhatsApp data:
- Direct extraction from Android smartphones
Both rooted (Android 4.0-9.0) and non-rooted (Android 4.0-6.0.1) devices are supported. The devices must be unlocked for access.
- Cloud capture of WhatsApp backups from Google Drive
WhatsApp backups can be extracted and decrypted from Google accounts. This requires access to the registered phone number or SIM card. Google ID and password are required.
- Extracts from local iTunes backups
Encrypted backups are automatically decrypted using the original password.
- Online access to iOS backups via iCloud
WhatsApp protocols can be extracted from iOS backups stored in the cloud. The download can be restricted to WhatsApp data, so that you don't have to download the entire iOS backup first. You will need an Apple ID and password or a corresponding authentication token [1].
- Extract WhatsApp backups from iCloud Drive
Using the Apple ID and the associated password or authentication token [2], WhatsApp's own backups can be extracted from the user's iCloud Drive account and decrypted. This requires access to the user's registered phone number or SIM card [1].
WhatsApp protocols are more secure than expected
The instant messenger WhatsApp is undeniably one of the most popular of its kind. Its international reputation and platform independence make it a popular target for (spam) attacks. More serious, however, is that criminal organizations also frequently communicate via WhatsApp. In at least one known case, a terrorist organization was exposed through intercepted WhatsApp protocols.
The Facebook subsidiary WhatsApp works with secure end-to-end encryption, which means that Facebook itself cannot be forced by law to release the data of WhatsApp users. The point of access must therefore always be the end device, which is either directly available or can be accessed indirectly through data stored online.
- WhatsApp encrypts its backup files in the cloud. To decrypt the encrypted backups, one-time access to the user's registered phone number or SIM card is required. The generated decryption key can then be used for all existing and future backups created on iCloud Drive (for Google Drive, only existing ones). Alternatively, the encryption key of jailbroken iPhones can be extracted using the keychain extraction of the Elcomsoft iOS Forensic Toolkit.
- Binary authentication tokens can be extracted from desktop computers using the Elcomsoft Phone Breaker program. Extracting the token is also possible using the free trial version of Elcomsoft Phone Breaker.
WhatsApp data collection from Android devices
Elcomsoft Explorer for WhatsApp can read WhatsApp conversations directly from a wide range of Android devices. Since WhatsApp securely encrypts its databases, root access is recommended. If this is not available, Elcomsoft Explorer for WhatsApp can temporarily install a capture tool on the device to extract the decryption key.
With root access, Elcomsoft Explorer for WhatsApp can extract WhatsApp conversations from Android smartphones running Android 4.0 to 9.0. Without root access, compatibility is limited to Android versions 4.0 to 6.0.1.
WhatsApp Business for Android
WhatsApp Business extraction is supported for Android devices. Since WhatsApp Business is a separate app with a different security profile, Elcomsoft Explorer for WhatsApp requires root access to extract information directly from a physical Android device. Logical capture (backup files) as well as cloud extraction from Google Drive are available without root access.
Download WhatsApp's own backups
WhatsApp can create cloud backups of its database and store them in Apple iCloud Drive (iPhone) or Google Drive (Android devices). Each WhatsApp backup is associated with a phone number. This means that the number of WhatsApp backups available in the user's cloud depends on how many different phone numbers they use with an Apple account.
Elcomsoft Explorer for WhatsApp is able to extract and decrypt WhatsApp's own backups from Google Drive and iCloud Drive. To obtain the decryption key, one-time access to the user's phone number or SIM card is required in order to receive a verification code [1]. Without the code, the conversation database will remain encrypted; only files (pictures and videos) and contacts (Google Drive) will be available.
Information available in WhatsApp databases
WhatsApp is an instant messaging application. Its databases contain information about peer-to-peer communications between users, including the following data:
- Sent and received text messages with contact IDs and timestamps
- User's contact database with telephone numbers
- Call log
- Sent and received images and videos, with timestamps and contact IDs
Viewer and export
Elcomsoft Explorer for WhatsApp has a built-in viewer that supports WhatsApp databases from various sources. The viewer is equipped with instant filtering and advanced search features. Specific contacts, messages or conversations can be easily found by entering time periods or keywords in the search field.
The integrated export tool allows you to export WhatsApp data into an Excel-compatible XLSX file. Experts can then use these files to continue their investigations.