I was wondering if there was anybody out here that knows of any software tools that can help assist in dealing with Yearbook forensics?
Thanks
Which one is it? There appears to be a few such as myyearbook.com.
If you do not get a response my advice is do your own test (which is not a bad idea anyway)
Set up an account using the same OS (maybe a second account on another machine [different OS maybe] to go back and forth with posts).
Keep a log of dates and times what name and password you use and the
features you use.
Myyearbook may be tied into Facebook so you may want to try JADSoftware's Internet Evidence Finder for Facebook data.
Do a RAM Dump on both machines (see some of the Live and Networking posts if you are not familiar) The RAM dump will be a smaller image to examine than a hard drive.
Using a hex editor/viewer (such as WinHex or FTK Imager) search for the terms you used. Look at the hex values before, in the middle of, or after the search term.
You can then develop your own Hex or even text search terms to use in your exam.
Now it is possible that the data in RAM may not be found on the hard disk drive. Different OS's may vary results as well. Repeating this process on different machines will help validate your findings.
Regards,
Chris Currier