Abstract - Encrypted messaging platforms such as WhatsApp, Signal, and Telegram protect user confidentiality but introduce major challenges for mobile device forensic investigations. Modern smartphones enforce strict sandbox policies, encrypted databases, secure storage modules like Apple Secure Enclave and Android TEE, and data-at-rest encryption schemes including SQLCipher. This research proposes a Multi-Layer Mobile Forensic Investigation Framework (ML-MFIF) integrating acquisition strategy evaluation, encrypted database analysis, metadata reconstruction, and machine-learning-based statistical validation using a synthetic forensic dataset. Results demonstrate that physical acquisition yields a 31 percentage point higher artifact recovery rate compared to logical acquisition (84% vs. 53%). WhatsApp provides the highest recoverability (78% success), followed by Telegram (62%) and Signal (39%). The proposed model assists examiners in predicting evidence accessibility and prioritizing forensic workflows in encrypted environments.