Digital forensics on facebook messenger application in an android smartphone based on NIST SP 800-101 R1 to reveal digital crime cases

Abstract

Android is the world's most popular system of operation. In the Android system, communication applications can be installed, for example, Facebook Messenger, which is one of the most popular communication applications with 988 million active users. As a medium for communication and data exchange, the Facebook Messenger application may be misused by unauthorized parties for cybercrime. This action is usually done to obtain a one-sided profit for unauthorized parties. After doing cybercrime, cybercriminals will delete all of the data to remove digital evidence. Digital forensics serves the challenge of uncovering evidence in investigations. Digital forensics on the Facebook Messenger application is needed to help the authorities organize digital evidence when the disclosure process is performed. The data revealed through the digital forensics process can reinforce existing evidence in a court. In this research, digital forensics on the Facebook Messenger application was conducted with data deletion scenarios and application uninstall scenarios. The results are digital evidence in the form of Facebook Messenger application information, photo, and video sent by the cybercriminal. The conversation and audio evidence could not be located because there was no rooting process, or the smartphone was in an untied state. When the uninstall process was carried out, the smartphone automatically deleted all the data including thumbnails. However, the digital forensics process in an unrooted state on the Facebook Messenger application can still produce digital evidence that can be used in the court.