Data packet analysis targeting instant messaging (IM) applications has become one of the most mentioned case examples in the digital forensic industry, considering that the forensic engineers can extract valuable information by analysing the data packets used by the IM software. The crucial part of this process is to accomplish a series of research and investigation, in addition to correctly implement the related forensics tools. This paper is intended to use QQ, a popular IM software in China, as an experiment example, in cooperation with various tools from Kali Linux, a digital forensics-oriented Linux distribution, to present the complete process of the data packet analysis operation. The result concludes from the experiment may be able to provide constructive suggestions to other related digital forensics cases.

Digital forensics; Instance messaging; Kali linux; Packet analysis; Wireshark