AbstractThe use of mobile devices and social media applications in organized crime is increasingly increasing. Facebook Messenger is the most popular social media applications used globally. Unprecedented time is spent by many interacting globally with known and unknown individuals using Facebook. During their interaction, personal information is uploaded. Thus, crafting a myriad of privacy trepidation to users. While there are researches performed on the forensic artifacts' extraction from Facebook, no research is conducted on setting Facebook Messenger applications as a default messaging application on Android. Two Android mobile devices were used for data generation and Facebook Messenger account was created. Disc imaging and data partition were examined and accessed to identify changes in the orca database of the application package using DB browser. The data were then generated using unique words which were used for conducting key searches. The research discovered that mqtt_log_event0.txt of the Com.Facebook.orca/Cache directory stores chat when messenger is set as a default messaging app. The research finding shows that chats are recorded under messages tab together with SMS of data/data/com.facebook.orca/databases/smstakeover_db and data/data/com.facebook.orca/databases/threads_db. This indicates that only smstakeover_db stores SMS messaging information when using messenger application. It is observed that once the user deletes a sent SMS message, the phone number and the deleted time stamp remained in the data/data/com.facebook.orca/databases/smstakeover_db database in the address_table are recoverable. The results suggest that anonymization of data is essential if Facebook chats are to be shared for further research into social media content.