Windows 8.x Facebook and Twitter Metro App Artifacts

The release of Windows 8.x for personal computers has increased user appetite for metro apps. Many social media metro apps are available in the Windows Store, the installation of which integrates social media platforms directly into the operating system.

  • PDF / 1,275,541 Bytes
  • 21 Pages / 439.37 x 666.142 pts Page_size
  • 47 Downloads / 134 Views

DOWNLOAD

REPORT


The release of Windows 8.x for personal computers has increased user appetite for metro apps. Many social media metro apps are available in the Windows Store, the installation of which integrates social media platforms directly into the operating system. Metro applications enable social media platforms to be accessed without an Internet browser. The increased demand for metro apps has turned out to be a gold mine in digital forensic investigations. This is because, whenever an app is executed within an operating system, evidentiary traces of activities are left behind. Hence, it is important to locate and analyze evidentiary traces in Windows 8.x personal computer environments. This chapter focuses on the forensic analysis of two widely-used personal computer based, social media metro apps – Facebook and Twitter. Experiments were performed to determine if the activities piloted via these metro apps could be identified and reconstructed. The results reveal that, in the case of Facebook and Twitter metro apps, potential evidence and valuable data exist and can be located and analyzed by digital forensic investigators.

Keywords: Metro apps, Windows 8.x, social media, Facebook, Twitter, artifacts

1.

Introduction

Social media are driving a variety of forms of social interaction, discussion, exchange and collaboration. This makes social media the playground for cyber criminals. As enterprise networks become more secure, cyber criminals focus on exploiting social media platforms and preying on their subscribers. Social media metro apps for Windows 8.x personal computers enable users to exchange information without having to use web browsers, just like the apps on smartphones and tablets. Cyc IFIP International Federation for Information Processing 2016  Published by Springer International Publishing AG 2016. All Rights Reserved G. Peterson and S. Shenoi (Eds.): Advances in Digital Forensics XII, IFIP AICT 484, pp. 259–279, 2016. DOI: 10.1007/978-3-319-46279-0 13

260

ADVANCES IN DIGITAL FORENSICS XII

ber criminals can leverage metro apps to perpetrate activities such as defamation, stalking, malware distribution and catphishing. Web browsers on personal computers have been the primary instrument for committing online fraud and criminal activities; this makes them a gold mine for digital forensic investigators. The traditional approach of accessing social media sites using a browser leaves traces such as the browsing history, cookies, caches, downloads and bookmarks, enabling forensic investigators to reconstruct user activities. As metro apps replace browsers for social media access via Windows 8.x personal computers, they will have important forensic implications. The metro environment in Windows 8.x features a tile-based start screen, where each tile represents a metro application and displays relevant information. For example, a Twitter metro app may show the latest tweets, a Facebook metro app may display the latest posts and news items and a weather app may show the current temperature and forecast. Clearly, m