Skip to main content


Twitter is a global social media platform that sees a lot of use in people's daily lives. Social media platforms always have a variety of privacy settings but how private and secure are they truly? In order to retrieve evidence of Twitter web activities, the following questions will be answered from a computer forensics point of view: 1) What type of evidence can we retrieve? 2) Where is the evidence located on a suspect’s computer? 3) How can we retrieve traces of evidence from a suspect’s computer? Since this is a controlled environment research, the same browsing platform was constantly used, Mozilla Firefox. Virtual Machines (VMs) were created on newly imaged laptops that were used for this project. Afterwards, social media accounts were created on separate VMs with VMWare, pre-made scenarios were enacted and parts of the machine searched for any evidence of activity. After setting up the controlled environment and defining scenarios that will be carried out on social media, focus was put on examining the RAM of one of the social media users after the user had carried out the scenarios. Then, the memory image of a virtual machine (VM) was captured(MagnetRAMCapture) and analyzed with a forensic tool(Bulk Extractor Viewer). So far, the analysis has proven to be very successful. Through the inspection of the memory image, much was found such as the users' full name, email address, social media account name, social media password, and even the interaction between social media user 1 and social media user 2.


File nameDate UploadedVisibilityFile size
19 Jul 2022
118 MB



  • Subject
    • Computer Science & Information Systems

  • Institution
    • Dahlonega

  • Event date
    • 17 April 2020

  • Date submitted

    19 July 2022

  • Additional information
    • Acknowledgements:

      Ahmad Ghafarian