I am working a case where I am trying to determine if the suspect logged into Facebook from the victim's computer. The computer is running Win8 and there is no browser history in anything other than IE10. Yes, I know I can't prove the suspect is the one who logged in, but to make a long story short, I am trying to see if his account logged in from this computer.
I ran IEF against my image and found urls on the date and time I am looking for. One of the urls of interest is styled "https://www.facebook.com/XXXXXXXX[i]?ajaxpipe=1&ajaxpipe_token=AXiQBPkXyo0LDZk1&quickling[version]=1137246%3B0%3B1%3B0%3B&__user=XXXXXXXX[i]&__a=1&__dyn=7n8a9EAMBlCFUSt2u6aOGUGy6zECQqbx2mbAKGiyGGEVF4YxU&__req=jsonp_3&__rev=1137246&__adt=3" This is from the WebCacheV01.dat file
I am trying to determine if this is where the suspect logged into their account, or if this was the victim merely viewing the suspect's page. Is there anything in a url, or is there a list of Facebook urls that would tell what to look for if someone logged into their Facebook account?
AccessData says there are logs kept in the temporary internet file whenever someone logs into Facebook (profile[#].htm). The information I have is from Win7, I am not finding the information where AD says it should be in Win8. Did it move in Win8?
In short, is there any way of telling by url information, if someone logged into that account?
↧