The Mueller report produced in March, which totals 448 pages, is continually being analyzed and broken down. An article written by Kevin Collier details the use of encrypted messaging applications used by the parties investigated by Mueller and his team, and what that meant for the investigation.
Collier’s article details how Mueller and his team were able to gain access to some conversations/communications by obtaining the proper legal documents to seize and examine some of the recipients’ devices. One of the issues that Mueller and his team encountered was that several of the secure messaging applications used do not retain messages for an extended amount of time unless the user chooses to save them. It was discovered many communications during the timeframe of interest were deleted, along with any potential backups.
Encrypted messaging applications such as WhatsApp and Signal can be difficult to recover existing communications from let alone deleted communications. These applications utilize the Signal Protocol, which ensures that communications are sent and received in an encrypted format. These applications also allow for the user to delete their message history, individual chats, and single or multiple messages in a thread, all while storing the information on encrypted databases on a device. In some cases, decrypting the databases is possible but highly unlikely without the proper decryption key.
Without the communications to back up stories relayed to the special counsel and investigators, there was not much that could be done to prove if what they were being told was accurate or not. A quote from Mueller’s report, detailing communications between former White House Chief Strategist Steve Bannon and American businessman Erik Prince reads: “The conflicting accounts provided by Bannon and Prince could not be independently clarified by reviewing their communications, because neither one was able to produce any of the messages they exchanged in the time period surrounding the Seychelles meeting.”
One of the methods that we employ when attempting to recover or retrieve communications that occurred through encrypted messaging applications is to analyze potential backups that were made. The capabilities to generate a backup of messages vary depending based on the messaging service used.
Email: firstname.lastname@example.org Phone: 703.359.0700
Digital Forensics/Cybersecurity/Information Technology