Abstract

The everyday rise in third-party applications across different app stores, mobile operating systems, mobile hardware, and application versions themselves has not only prompted but to a certain degree, necessitated the digital forensics community and digital forensics researchers to investigate various applications that are not inherently supported and parsed by commercial forensics tools. Apart from the capabilities associated with various forensic tools, depending on the case, many forensic investigators may come across the most unthought-of third-party applications for investigation. The only questions then would be: 1) How to parse such data? 2) Is there anything of forensic value? And 3) Some third-party application manufacturers claim that they encrypt data. However, due to the lack of time and technology, in some instances, when there is no access to or knowledge of the decryption method, where and how do find data pertinent to the investigation? Depending on the circumstances mentioned above, is it crucial to come to a firm conclusion about how and where some data resides for certain third-party applications, regardless of what the manufacturers claim. There is a plethora of third-party applications out right now that are utilized by people for a variety of purposes, whether it is for good or bad. Oftentimes, as forensics practitioners, it is our job to dig down and hunt for data that can give us some insight into what was going on in the device, related to a particular application. These applications may offer capabilities such as geolocations, communications, networkrelated artifacts, etc., that can be of value to certain cases.