Mobile-Forensics

WhatsApp is rolling out passkey-encrypted cloud backups on iOS and Android. This replaces backup passwords and 64‑digit keys with device‑...

WhatsApp moves cloud chat backups to passkeys. Here’s what changes for DFIR.

4n6 Beat
5 min read

WhatsApp is rolling out passkey-encrypted chat backups for iOS and Android, letting users protect backup restores with Face ID/Touch ID, Android biometrics, or the device screen lock instead of a password or 64-digit key (BleepingComputer; The Verge). End-to-end encrypted (E2EE) backups themselves aren’t new: WhatsApp shipped them in October 2021 with a password or 64-digit key option and an HSM-backed Backup Key Vault design (Meta Engineering). What changes is that the gate to restore is now a platform passkey instead of something you type. The enable path remains Settings → Chats → Chat backup → End-to-end encrypted backup (BleepingComputer).

DJI Fly App Forensics: Extracting and Analyzing Flight Logs on Android, iOS, and DJI RC

4n6 Beat
8 min read

You often investigate incidents where a DJI aircraft is involved: flyaways, near-misses, restricted-area incursions, or simply reconstructing pilot actions. The DJI Fly app (dji.go.v5) is the default ground-control app for most recent DJI consumer drones, and it quietly records rich telemetry you can extract, preserve, and analyze for DFIR.

This guide shows you how it works, where to find the artifacts, and how to process them with current tools on Android, iOS, and DJI RC-class smart controllers. You’ll also learn the common traps (Android scoped storage, missing DAT files, cropped logs, and cloud policy changes in the U.S.) and practical workflows to avoid data loss.

A deep, practical guide for DFIR analysts on locating, interpreting, and correlating local artifacts from end‑to‑end encrypted Signal and...

Deconstructing Encrypted Communication Protocol Artifacts (Signal/WhatsApp)

4n6 Beat
11 min read

End-to-end encryption (E2EE) protects message content in transit, but mobile devices still maintain local state to function. On a physical or full file-system acquisition, you can frequently recover accounts, device identifiers, contact and group identifiers, message timing, call history, media references, and even local key material or key handles. Your goal in DFIR is to turn these device-resident artifacts into defensible timelines of who communicated with whom, when, and how often.

MSAB Q3 2025: What BruteStorm Surge and Suite Upgrades Mean for Your DFIR Playbook

4n6 Beat
8 min read

MSAB’s Q3 2025 release introduces BruteStorm Surge, a GPU-accelerated brute-force add-on for XRY Pro that targets long/complex passcodes, alongside major suite updates: XAMN 8.3 adds cross-app conversation threading and support for Cash App warrant returns; UNIFY 25.9 can ingest Cellebrite UFDR and GrayKey extractions; and XEC 7.15 brings role-based access control (RBAC). These capabilities are confirmed in MSAB’s official update and the initial news brief. See MSAB’s release post and feature breakdown (MSAB Q3 2025; Forensic Focus news).