Ephemeral messaging applications are growing increasingly popular on the digital mobile market. However, they are not always used with good intentions. Criminals may see a gateway into private communication with each other through this transient application data. This could negatively impact criminal court cases for evidence, or civil matters. To find out if messages from such applications can indeed be recovered or not, a forensic examination of the device would be required by the law enforcement authority. This paper reports mobile forensic investigations of ephemeral data from a wide
range of applications using both proprietary and freeware forensic tools. Both Android and iOS platforms were used in the investigation.
The results from the investigation uncovered various artefacts from the iOS device including account information, contacts, and evidence of communication between users. The Android device uncovered evidence of communications, and several media files assumed to be deleted within a storage cache in the Android file system. The forensic tools used within the investigations were evaluated using parameters from the National Institute of Standards and Technology’s (NIST) mobile tool test assertions and test plan
