A forensic examination of four popular cross-platform file-sharing apps with Wi-Fi P2P.

File-sharing apps with Wi-Fi hotspot or Wi-Fi Direct functions become more popular. They can work on multiple platforms and allow users to transfer files in a concealed manner. However, when criminals use these apps in illegal activities, it becomes an important issue for investigators to find digital evidence on multiple platforms. At present, there are few studies on this topic, and most of them are limited to the single platform problem. In this paper, we propose a forensic examination method for four popular cross-platform file-sharing apps with Wi-Fi hotspot and Wi-Fi Direct functions: Zapya, SHAREit, Xender, and Feem. We use 22 static and live forensic tools for 11 platforms to acquire, analyze, and classify the forensic artifacts. In our experiments, we find many useful forensic artifacts and classify them into six categories. The experimental results can support law enforcement investigations of digital evidence and provide information for future studies on other cross-platform file-sharing apps.