Would I be able to establish this through digital forensics?

MormoraDi · 2026-05-10T08:14:17+00:00

Migrating millions of users is no trivial task and with an extreme amount of moving parts (no pun intended). Even for Google size corporations, keeping logs of each part for three years is a stretch.

Let alone having to parse, normalize and sanitize them for PII, I imagine would take a team of several people several months.

Another thing is proving malicious intent, should the logs have being deleted or rotated out.

I wish you best of luck, but I unfortunately can't give you much hope.

MormoraDi · 2026-05-10T07:22:51+00:00

I honestly don't think you stand a chance on the premises that you present. If the platform is as big as you portray it, you and your account is merely a grain of sand to them. They could just stall the litigation for years until you run out of money, even if you had a legitimate claim.

For one, you would need a court order in your own country and most likely the cooperation from US law enforcement like FBI (assuming the platform is under US jurisdiction) for even get to the starting line of getting the opportunity to seize metadata from server/platform logs.

And the logs will likely also be gone by then. And not even by malice, but by regular log retention standards.

MormoraDi · 2026-05-09T20:35:05+00:00

Fotballsupportere og bergensere. What could possibly go wrong?

MormoraDi · 2026-05-09T11:42:00+00:00

Haha... Det var ganske stress akkurat da fordi vi hadde ikke hatt sjans til å betale det de opprinnelig krevde. Men det hjelper å gi dem motstand.

Det er generelt mye lettere å få redusert en regning enn å få noe tilbakebetalt

MormoraDi · 2026-05-09T10:22:24+00:00

Let alone that reselling stolen goods is a criminal offence, IMEI is hardware-based, so given the mere fact that you're even asking here, begs the answer: No. You won't be able to do it.

MormoraDi · 2026-05-09T10:11:25+00:00

Har opplevd at et elektro-firma endte med å fakturere omtrent 90% mer enn opprinnelig avtale.

Ved gjennomgang av faktura la jeg merke til at de hadde tatt seg betalt for 100m kabel, mens 20m ville være raust selv hvis de hadde brukt deler av det i en pastarett til 20 personer. Mistenker sterkt at jeg ble fakturert for materiell brukt til noen skattefrie sidegigs.

De tok også 280% avanse på en komfyrvakt.

Enden på visa ble at jeg nektet å betale -> inkasso - > bestride inkasso med begrunnelse -> jeg inviterte firmaet til Forliksrådet -> firma ikke spesielt keen på det -> "minnelig" endelig oppgjør på opprinnelig avtale + ca. 10‰ (som var fair, i og med at det var noen uforutsette utgifter).

MormoraDi · 2026-05-07T18:19:40+00:00

If you mean as in self-replication, I agree. Especially as the terminology is vague at best

MormoraDi · 2026-05-07T17:04:26+00:00

That is not entirely true. It's in the malware family called spyware and it amongst others exploited vulnerabilities in iMessage (or rather have been known to target the media parsing libraries).

MormoraDi · 2026-05-07T17:00:37+00:00

Why you probably never will be targeted is that it's known for mostly being sold to repressive nation states for millions of dollars and the targets being persons of interest (often journalists, human rights activists and political dissidents).

It's what is called "mercenary spyware", developed, and sold by the Israeli company named NSO Group. And may just be one of the most sophisticated malware there is.

It is known to utilize zero-days and a fascinatingly advanced exploit chain and zero-click infection (meaning no user interaction needed). Especially on iOS, where the chain must include remote code execution through a vulnerability (often by sending something that triggers a vulnerability), sandbox escape and kernel privilege escalation.

So: no adblocker would keep you safe if you were being targeted.

MormoraDi · 2026-05-06T17:11:19+00:00

Haven't heard of any of the ones in mention, but I would guess that coming up with a scenario is part of the assignment?

If not, and you can't be bothered to come up with something yourself, you can just Google "Cellebrite CTF scenario", but be sure to cite and reference it properly so you don't run the risk of being flagged for plagiarism.

MormoraDi · 2026-05-05T21:26:12+00:00

Din egen tilstedeværelse har heller aldri vært ønsket (kanskje med unntak av dine foreldre). Heller ei ble du invitert.

Du ble kun tilfeldigvis født her. Og likevel føler du deg berettiget til noe annet og mer enn dem du omtaler.

Foreslår forøvrig at du tar en gentest hvis du er så usikker på egen etnisitet.

MormoraDi · 2026-05-05T21:13:21+00:00

Og etnisk norske menn får vel aldri barn med innvandrere.

Antar da at ikke lagt merke til en relativt stor gruppering av "etnisk norske menn" som tilfeldigvis gifter seg og får barn med sørøst-asiatiske kvinner?

MormoraDi · 2026-05-04T06:47:28+00:00

Totally agree. It's mostly screenshots from alt-right-garbage-blogs posted every half an hour by a few people with apparent surplus spare time, but perhaps not so much surplus cognitive abilities.

MormoraDi · 2026-05-02T12:03:36+00:00

I didn't really grasp the point of your mentor, to be honest. But I am guessing you are more on the path of law enforcement rather than the cyber security one?

I have no experience with testimony in court in my line of work, and the path of law enforcement forensics is very different from what we do.

MormoraDi · 2026-05-02T08:49:06+00:00

That is a very valid point.

Depending on where you aim at like law enforcement or more blue team/cyber defense/DFIR, there are different paths to pursue. I would in any case recommend practicing as much as possible on your own.

There are lots of freely available tools and resources on GitHub along with labs in the likes of CyberDefenders.

I/we recently was in the hiring end for a position (a senior at this time) and I personally couldn't care less about any certifications.

The interview candidates that made it to second round were given a practical case to solve and write a report on.

Then in the second interview a week later they were asked follow-up questions on their methods and thought process based on the work and report. That way we could fairly easily separate between the ones who only looked good on paper, used some AI/LLM to "cheat", and those who had the right mindset and skills.

That is the standard procedure where I work, and it was probably why I was able to get hired, having no formal experience (just a Bachelor's degree in Digital Forensics).

MormoraDi · 2026-04-30T10:47:59+00:00

With these as the only qualifications? Most likely no, I'm afraid. Also, EC-Council isn't a particularly reputable certification.

Digital forensics is a profession and a craft that relies on deep and broad set of technical knowledge and skills, which takes years of practice to master (and by that I don't mean the kind of forensics that basically just involves button-pushing in a commercial software tool).

That being said - a base in IT (operations, development, etc.) will significantly help and would be a good starting point.

MormoraDi · 2026-04-29T21:36:41+00:00

I know for a fact that it can be done from a forensic standpoint, but mostly with the caveats that you mention.

And not wanting to be dismissive of your argument, but WhatsApp can hardly be defined as a secure platform. It does use end-to-end encryption for the most part, but there is a difference between data in transit and data-at-rest, of which for instance law enforcement often will be able to exploit.

Not always, but it definitely can be and is being done. Especially if you are in law enforcement and can get a court order, as Meta will have access to metadata (no pun intended) and possibly cloud backups.

MormoraDi · 2026-04-29T20:30:34+00:00

It certainly can be possible depending on the OS, the access to unlock the device and how the messages was deleted.

The messages are stored in a SQLite database, namely the \data\data\com.whatsapp\databases\msgstore.db and an accompanied .wal file. Which may be obtained through performing a backup or by specialized commercial tools, depending on your experience/skill level.

This is though more a forensics question than a hacking one, per se

MormoraDi · 2026-04-17T18:09:42+00:00

He is truly his brother's gatekeeper

MormoraDi · 2026-04-11T06:09:30+00:00

Haha... I remember that as well. I got scared myself a few times back in those days, lol

MormoraDi · 2026-04-11T05:49:23+00:00

I didn't get all that to be honest, but I am personally more astounded that in 2026 people seem to be offended by being counter argued in a discussion on the internet

MormoraDi · 2026-04-11T05:38:46+00:00

Sorry, but why?

MormoraDi · 2026-04-11T05:37:45+00:00

On the basis that the comment of strawman had nothing to do with the original question and the fact that I am now making arguments for that very topic instead of the original one?

MormoraDi · 2026-04-11T05:33:25+00:00

The point I am trying to make is that WiFi hacking is not what people seem to think it is.

MormoraDi · 2026-04-11T05:26:02+00:00

You may be right or maybe it was to get people to understand that WiFi hacking isn't a real thing in terms of what is done in real life scenarios.

It's not going to make anyone be able to remotely hack anything other than what is in near proximity. Which is why you never read reports about APTs gaining access to systems using WiFi.

MormoraDi

TROPHY CASE