Windows 8.x Facebook and Twitter Metro App Artifacts

Part of the IFIP Advances in Information and Communication Technology book series (IFIPAICT, volume 484)

Abstract

The release of Windows 8.x for personal computers has increased user appetite for metro apps. Many social media metro apps are available in the Windows Store, the installation of which integrates social media platforms directly into the operating system. Metro applications enable social media platforms to be accessed without an Internet browser. The increased demand for metro apps has turned out to be a gold mine in digital forensic investigations. This is because, whenever an app is executed within an operating system, evidentiary traces of activities are left behind. Hence, it is important to locate and analyze evidentiary traces in Windows 8.x personal computer environments.

This chapter focuses on the forensic analysis of two widely used social media metro apps for personal computers – Facebook and Twitter. Experiments were performed to determine whether the activities carried out via these metro apps could be identified and reconstructed. The results reveal that, in the case of the Facebook and Twitter metro apps, potential evidence and valuable data exist and can be located and analyzed by digital forensic investigators.

Keywords

  • Metro apps
  • Windows 8.x
  • Social media
  • Facebook
  • Twitter
  • Artifacts

Corresponding author

Correspondence to Swasti Bhushan Deb.

Copyright information

© 2016 IFIP International Federation for Information Processing

About this paper

Cite this paper

Bhushan Deb, S. (2016). Windows 8.x Facebook and Twitter Metro App Artifacts. In: Peterson, G., Shenoi, S. (eds) Advances in Digital Forensics XII. DigitalForensics 2016. IFIP Advances in Information and Communication Technology, vol 484. Springer, Cham. https://doi.org/10.1007/978-3-319-46279-0_13

  • DOI: https://doi.org/10.1007/978-3-319-46279-0_13

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-46278-3

  • Online ISBN: 978-3-319-46279-0

  • eBook Packages: Computer Science (R0)