Forensic Analysis of Tencent QQ: Investigating New Mobile Features for Evidence Collection on Android and iOS Devices

Tencent QQ, established in 1999, ranks among the most extensively utilized instant messaging applications globally. At its peak, it attracted approximately 900 million users QQ900. Despite the emergence of numerous similar applications such as WeChat, QQ continues to hold a strong position within business and interest-based communities, particularly appealing to young adults. Forensic examinations of QQ have been ongoing since 2009, primarily addressing its memory function, instant messaging capabilities, and desktop version. However, there is a notable lack of thorough research on the many beneficial functions of the mobile version of QQ on both Android and iOS platforms. Additionally, online fraudsters, especially scam groups in Southeast Asia, have taken advantage of the app. Inadvertently, QQ provides scammers with the means to contact victims and extort property. To bridge this knowledge gap, this study performs a forensic analysis of QQ's new features on Android and iOS. Our study covers new capabilities such as device detection, file editing and transferring, the integrated camera, document sharing, payment, and service functions, message withdrawal, real-time location sharing, phone numbers, contacts, QQ group activities, chat history with its backup, QQ zone, payment, and privacy preservation and protection measures. The objective of this research is to assist investigators by enhancing the use of forensic tools concerning QQ and its new functionalities to discern what evidence can be acquired and recovered, thereby closing the existing knowledge gap.