Abstract
The release of Windows 8.x for personal computers has increased user appetite for metro apps. Many social media metro apps are available in the Windows Store, the installation of which integrates social media platforms directly into the operating system. Metro applications enable social media platforms to be accessed without an Internet browser. The increased demand for metro apps has turned out to be a gold mine in digital forensic investigations. This is because, whenever an app is executed within an operating system, evidentiary traces of activities are left behind. Hence, it is important to locate and analyze evidentiary traces in Windows 8.x personal computer environments.
This chapter focuses on the forensic analysis of two widely-used personal computer based, social media metro apps – Facebook and Twitter. Experiments were performed to determine if the activities piloted via these metro apps could be identified and reconstructed. The results reveal that, in the case of Facebook and Twitter metro apps, potential evidence and valuable data exist and can be located and analyzed by digital forensic investigators.
Chapter PDF
Similar content being viewed by others
References
Al Mutawa, N., Al Awadhi, I., Baggili, I., Marrington, A.: Forensic artifacts of Facebook’s instant messaging service. In: Proceedings of the International Conference on Internet Technology and Secured Transactions, pp. 771–776 (2011)
Al Mutawa, N., Baggili, I., Marrington, A.: Forensic analysis of social networking applications on mobile devices. Digital Investigation 9(S), S24–S33 (2012)
Brewer, M., Fenger, T., Boggs, R., Vance, C.: A Comparison Between the Windows 8 and Windows 7 Registries. Forensic Science Center, Marshall University, Huntington, West Virginia (2014). www.marshall.edu/forensics/files/Matts-Paper.pdf
Dickson, M.: An examination into AOL Instant Messenger 5.5 contact identification. Digital Investigation 3(4), 227–237 (2006)
Dickson, M.: An examination into Yahoo Messenger 7.0 contact identification. Digital Investigation 3(3), 159–165 (2006)
Facebook, Law Enforcement Online Requests, Menlo Park, California (2016). www.facebook.com/records/x/login
Facebook Help Center, How does chat work with messages? Facebook, Menlo Park, California (2016). www.facebook.com/help/124629310950859
Goh, T.: Challenges in Windows 8 Operating System for Digital Forensic Investigations, M.F.I.T. Thesis, School of Computing and Mathematical Sciences, Auckland University of Technology, Auckland, New Zealand (2014)
Iqbal, A., Al Obaidli, H., Marrington, A., Jones, A.: Windows Surface RT tablet forensics. Digital Investigation 11(S1), S87–S93 (2014)
Khatri, Y.: Search History on Windows 8 and 8.1, Yogesh Khatri’s Forensic Blog, Swift Forensics, April 1, 2014. www.swiftforensics.com/2014/04/search-history-on-windows-8-and-81.html
Kruzeniski, M.: Welcome Twitter for Windows 8, Twitter, San Francisco, California, March 14, 2013. blog.twitter.com/2013/welcome-twitter-for-windows-8
Lee, C., Chung, M.: Digital forensic analysis on Windows 8 style UI instant messenger applications. In: Park, J., Stojmenovic, I., Jeong, H., Yi, G. (eds.) Computer Science, its Applications: Ubiquitous Information Technologies. LNEE, vol. 330, pp. 1037–1042. Springer, Heidelberg (2015)
Microsoft Windows Dev Center, App. and User Data, Microsoft, Redmond, Washington (2016). msdn.microsoft.com/en-us/library/windows/apps/jj553522.aspx
Microsoft Windows Dev Center, App. Data Storage, Microsoft, Redmond, Washington (2016). msdn.microsoft.com/en-us/library/windows/apps/hh464917.aspx
Murphy, C., Leong, A., Gaffney, M., Punja, S., Gibb, J., McGarry, B.: Windows Phone 8 Forensic Artifacts, InfoSec Reading Room. SANS Institute, Bethesda, Maryland (2015)
Parsons, A.: Windows 10 Forensics Part 2: Facebook App. Forensics, Computer and Digital Forensics Blog, Senator Patrick Leahy Center for Digital Investigation, Champlain College, Burlington, Vermont, April 1, 2015. computerforensicsblog.champlain.edu/2015/04/01/windows-10-facebook-forensics
Stormo, J.: Analysis of Windows 8 Registry Artifacts, M.S. Thesis. Department of Computer Science, University of New Orleans, New Orleans, Louisiana (2013)
Thomson, A.: Windows 8 Forensic Guide, M.F.S. Thesis. Department of Forensic Sciences, George Washington University, Washington, DC (2012). www.propellerheadforensics.files.wordpress.com/2012/05/thomson_windows-8-forensic-guide2.pdf
Twitter, Law Enforcement Request, San Francisco, California (2016). support.twitter.com/forms/lawenforcement
Zellers, F.: MySpace.com Forensic Artifacts Keyword Searches (2008). www.inlanddirect.com/CEIC-2008.pdf
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2016 IFIP International Federation for Information Processing
About this paper
Cite this paper
Bhushan Deb, S. (2016). Windows 8.x Facebook and Twitter Metro App Artifacts. In: Peterson, G., Shenoi, S. (eds) Advances in Digital Forensics XII. DigitalForensics 2016. IFIP Advances in Information and Communication Technology, vol 484. Springer, Cham. https://doi.org/10.1007/978-3-319-46279-0_13
Download citation
DOI: https://doi.org/10.1007/978-3-319-46279-0_13
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-46278-3
Online ISBN: 978-3-319-46279-0
eBook Packages: Computer ScienceComputer Science (R0)