Windows 10 instant messaging application forensics

The way netizens communicate with each other deeper with the advent of Instant Messaging applications (IM apps). Thus, its flexibility and quick response on the IM apps has attracted the attentions of cybercriminal operations on the apps such as identity theft and phishing. The forensic investigation of instant messaging apps for the newest Windows 10 OS has been largely uninvestigated. Previous research dealt with dead analysis of the IM apps which did not guaranty accurate result for evidence. But, this research seeks to utilize the four stages of forensic investigation evidence: identification, collection, analysing and reporting. Furthermore, the study figured out data remnants from the top 1% Windows stores application software known as Facebook Instant Messaging apps on Windows 10 OS client machine. The research have focused on the volatile and nonvolatile artefacts with the aid of VM workstation version (VM) 9.0.0 build 812388 running Windows 10 (professional server pack1,64 bit, build 9600) while setting 2GB of physical memory and 20GB of hard disk. The research was be able to detect the kinds of terrestrial artefacts that are obtained after the use of Instant messaging services and software on the contemporary Windows 10 OS. The findings from this research will contribute to the forensic community’s understanding of types of terrestrial artefacts (login details, Installations, friend list, contacts, username, passwords, conversions etc.) which can be used on the establishment of evidence against the suspect on the court of law by forensic examiner.