Hey all,
First time posting.
I know how to find forensic artifacts from normal Facebook activities (IM, wall posts, etc) but how would I find artifacts from Facebook apps such as Farmville or other games that allow users to send messages to each other?
Any help would be great, thanks.
Let's analyze this and see.
When you start up Farmville and perform an action, what happens (on the screen, through a pop up message, to another user, to your account?)
How long do these items stay up on the screen, (until viewed, until overwritten, until the next update comes along?)
Doing something similar to this for my university final year project. Any help would be greatly appreciated!
Why not have something like Process Monitor running in the background when you perform certain actions in Farmville and then analyse the output from that to see if anything is picked up?
If you want to go even further, run WireShark to capture network traffic.
Why not have something like Process Monitor running in the background when you perform certain actions in Farmville and then analyse the output from that to see if anything is picked up?
If you want to go even further, run WireShark to capture network traffic.
This.
Also the Network tab in Chrome's Developer tools is good for watching the components of pages download.
Thanks for the tips!
One of the problems I am having is that chat history from Words With Friends is being picked up by IEF and FTK in the form of "game[1].json", but chat history from any other games (Poker, YoVille etc) is not being found.
Does anyone know why this would be and if/how I can retrieve the remaining messages?
Thanks!
This is a guess, but you probably need to do that manually. Automated tools can't possibly pick up every app available and properly decode them. I had a similar situation with a texting app last year. Fortunately, the history was kept in a SQLite database, so it was easy to decode. None of the automated tools picked it up.