Data Extraction and Analysis of Left Artifacts on Virtual PA Case Study

The fast-growing nature of instant messaging applications usage on android mobile devices brought about a proportional increase in the number of cyber-attack vectors that could be perpetrated on them. Android mobile phones store a significant amount of information in their various memory partitions such as sd card RAM NAND and user data respectively when IM applications such as WhatsApp Skype Facebook and Tango are executed on them. The research analyses Instant messaging applications on emulated Android devices using different forensics techniques. Deleted communication chats among the emulated devices were retrieved from their database sources such as userdata-qemu.img userdata.img sdcard.img among others. The research findings revealed that instant messaging applications leave data as potential digital evidence on emulated Android devices even when the chat is deleted.