The PF (Federal Police) uses several technological tools that allow access to data from cell phones of those being investigated, even when they are protected by a password, turned off or blocked. In an interview with CNN Prime Timedigital crime expert Wanderson Castilho explained how this data extraction process works, which has been used in cases like Master’s.
According to Castilho, in Brazil, only the PF, Civil Police and the Public Ministry are authorized to use software specialized in password cracking and data extraction. The programs used make systematic attempts to discover passwords or exploit them.
How security breach works
The expert explained that there are basically two ways to break the security of a cell phone. “When the cell phone is on and the password has already been entered and then locked, this makes it easier to identify the passwords, which are in memory”, he detailed. The second, more complex form, occurs when the equipment is turned off and needs to be turned on again without entering the password.
Wanderson Castilho also clarified an important point about . Although apps like WhatsApp ensure that communications are encrypted during transmission, when the message reaches the recipient’s device, it is decrypted. “If I have the possibility of finding your password in some way, some technique, I will find those decrypted messages”, explained the expert.
Recovery of deleted messages and photos
A relevant aspect covered in the interview was the possibility of . According to the expert, conventional messages that have been deleted can be recovered by forensic software. However, messages sent with the “single view” function are not recoverable, as they are stored on the server of Meta, the company that owns WhatsApp.
The expert also commented on a technique used by those investigated: taking screenshots of conversations on a notepad and sending them as a single view. In this case, although the original message cannot be recovered, the print can be found on the device, even after being deleted. “When you take a print, it becomes a photo, and even if you delete it, the tool has the possibility of recovering this deleted photo”, he stated.
When asked about the traceability of the messages, Castilho was categorical: “The traceability of the message is completely possible. From the moment I have the equipment, I have it unlocked, I can know exactly to which sender and recipient these messages were exchanged, for any type of attachment, whether it was audio, whether it was a photo and at what moment, at what time, all of this, yes, is tracked.”
