Abstract
The everyday rise in third-party applications across different app stores,
mobile operating systems, mobile hardware, and application versions themselves has
not only prompted but to a certain degree, necessitated the digital forensics community
and digital forensics researchers to investigate various applications that are not
inherently supported and parsed by commercial forensics tools. Apart from the
capabilities associated with various forensic tools, depending on the case, many
forensic investigators may come across the most unthought-of third-party applications
for investigation. The only questions then would be: 1) How to parse such data? 2) Is
there anything of forensic value? And 3) Some third-party application manufacturers
claim that they encrypt data. However, due to the lack of time and technology, in some
instances, when there is no access to or knowledge of the decryption method, where
and how do find data pertinent to the investigation? Depending on the circumstances
mentioned above, is it crucial to come to a firm conclusion about how and where some
data resides for certain third-party applications, regardless of what the manufacturers
claim. There is a plethora of third-party applications out right now that are utilized by
people for a variety of purposes, whether it is for good or bad. Oftentimes, as forensics
practitioners, it is our job to dig down and hunt for data that can give us some insight
into what was going on in the device, related to a particular application. These
applications may offer capabilities such as geolocations, communications, networkrelated artifacts, etc., that can be of value to certain cases.
Keywords: Chat application, Evidence, Encrypted message, End to end encryption, Mobile forensic, Private chat.