
WhatsApp Forensic Tool

A powerful, cross-platform forensic tool for extracting, decrypting, and analyzing WhatsApp backups from Android devices. Works seamlessly on Windows, Linux, macOS, and directly on Android via Termux.

Key Features

Zero-Config Installation

Automatic Python and ADB setup with virtual environment isolation

Cross-Platform Support

Run on Windows, Linux, macOS, or directly on Android via Termux

Advanced Decryption

Supports crypt12, crypt14, and crypt15 database formats

Automated Extraction

Scans and extracts WhatsApp and WhatsApp Business backups via ADB

Interactive Viewer

Browse decrypted chats with SQLite parsing and contact mapping

Multi-Format Export

Export conversations to HTML, CSV, JSON, or TXT formats

Quick Start

1. Clone the Repository

Download the tool from GitHub to your local machine:

    git clone https://github.com/cedroid/whatsapp-forensic-tool.git
    cd whatsapp-forensic-tool

2. Launch the Tool

Run the platform-specific launcher script (the Windows launcher is shown here):

    start.bat

3. Connect Your Device

Enable USB Debugging on your Android device and connect via USB. The tool will automatically detect connected devices and set up ADB if needed.

4. Extract & Decrypt

Follow the interactive menu to scan, extract, and decrypt WhatsApp backups.

Platform Guides

Choose your platform to get started:

Windows

Setup and usage guide for Windows systems

Linux & macOS

Setup and usage for Unix-based systems

Android (Termux)

Run directly on Android devices via Termux

Core Capabilities

Automatically detects connected Android devices via ADB and retrieves detailed device information, including model, manufacturer, Android version, battery level, storage, and installed WhatsApp packages.
Scans multiple user profiles for WhatsApp Messenger and WhatsApp Business backup files. Extracts msgstore.db.cryptXX databases and associated media files from accessible storage locations.
Decrypts WhatsApp backup databases using 64-character hexadecimal keys. Supports crypt12, crypt14, and crypt15 formats with AES-GCM and CBC cipher modes.
Parses decrypted SQLite databases to view chat history, contacts, and messages. Exports conversations to multiple formats (HTML, CSV, JSON, TXT) with media file linking.

Use Cases

Digital Forensics

Analyze WhatsApp communications for legal and forensic investigations

Data Recovery

Recover lost or deleted WhatsApp conversations from backup files

Security Research

Study WhatsApp encryption and backup mechanisms for security analysis

Personal Backup

Export and archive your own WhatsApp chat history

This tool is intended for educational and forensic analysis purposes only. Only use this tool on devices you own or have explicit permission to analyze. The developer assumes no responsibility for unauthorized use or data loss.

Next Steps

Installation Guide

Detailed installation instructions for all platforms

Quick Start Tutorial

Get up and running with your first extraction

API Reference

Explore the core modules and their functions

Troubleshooting

Solutions to common issues and errors
