Post on 18-Jan-2016
Social Network Forensic
By Xing Liu
CSC153 Spring 2009
Background of Social Network
• Bring people with special interests together.
• Classmates.com (1995)
• sixDegrees.com (1997) – on indirect ties
• Myspace (2003)
• Facebook (2003)
• Flickr (2004) – photos
• Ning (2005) – own social network
• Twitter (2006) – text-based posts
Background of Social Network (cont'd)
• A huge number of people are connected through social networks.
• 75% of software developers belong to at least one social network.
• Social networking among US broadband users has grown 93% since 2006.
• Twitter – from Feb '08 to Feb '09, it clocked in at a whopping 1,382% growth rate.
Source: http://www.socialnetworkingwatch.com/all_social_networking_statistics/
Technical Details of Social Networks
• Mostly web-based systems.
• Web servers and databases in the backend.
• Each has its own API services and application languages.
• Facebook – FBML(Facebook Markup Language).
• MySpace Developer Platform – based on the OpenSocial model from Google Code.
Issues with Social Networking
• Privacy – easy access to personal information such as birthdays or personal images.
• Potential misuse – fake identities.
• Child safety – online sexual predators.
Social Networking Cases
• In October 2005, pictures from Facebook were used to cite violators at North Carolina State University for underage drinking.
• In November 2005, a student at Kansas State University used the message board of a Facebook group to share class information without the professor's authorization.
• In February 2007, following the fatal hit-and-run death of a freshman at the University of Connecticut, police were able to link to the suspect driver by identifying the suspect's girlfriend with the help of Facebook.
Sources: http://en.wikipedia.org/wiki/Use_of_social_network_websites_in_investigations
Forensic Methods for Social Networking Cases
• Client Side – seize victims' or suspects' computers.
• Server Side – contact social network service providers to grab information from their servers.
• Real Time – intercept the message sent in real time.
Forensic Methods – Client Side
• Use forensic tools such as FTK to look for any deleted browser history or messages on the hard drive.
• Check the registry for device connection information.
• If a case involves photo evidence, we can do an FTK keyword search for related photo information.
• Use steganography tools to look for hidden messages within photos.
Forensic Methods – Server Side
• Contact service providers to obtain server information.
• Log files on the web servers, such as the access log of the Apache web server – get the IP addresses of clients.
• FTP log for information about uploaded images.
• Live system imaging using dd & Netcat. (Discussed in Chapter 6)
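The access-log step above, as an added example that is not part of the original slides: it parses Apache Combined Log Format lines and lists which client IPs requested a given profile, optionally inside a time window. The log lines, IP addresses (documentation ranges) and the `/profile/1234` path are constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime

# Apache Common/Combined Log Format: host ident user [time] "request" status ...
LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
                    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) ')

# Constructed sample lines (documentation IP ranges, hypothetical paths).
SAMPLE_LOG = """\
192.0.2.10 - - [12/Mar/2009:21:14:03 -0700] "GET /profile/1234 HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
198.51.100.7 - - [12/Mar/2009:21:15:40 -0700] "POST /profile/1234/message HTTP/1.1" 302 0 "-" "Mozilla/5.0"
192.0.2.10 - - [12/Mar/2009:21:16:02 -0700] "GET /photos/88.jpg HTTP/1.1" 200 20480 "-" "Mozilla/5.0"
this line is truncated and does not parse
203.0.113.5 - - [13/Mar/2009:02:01:59 -0700] "GET /profile/1234 HTTP/1.1" 403 312 "-" "curl/7.19"
""".splitlines()


def parse_line(line):
    """Return a dict for one access-log line, or None if it is malformed."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["time"] = datetime.strptime(rec.pop("ts"), "%d/%b/%Y:%H:%M:%S %z")
    rec["status"] = int(rec["status"])
    return rec


def clients_for_path(lines, prefix, start=None, end=None):
    """Map client IP -> requests under `prefix`; start/end are tz-aware datetimes."""
    hits, skipped = defaultdict(list), 0
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            skipped += 1  # unparsed lines are counted so the report can mention them
            continue
        if not rec["path"].startswith(prefix):
            continue
        if (start and rec["time"] < start) or (end and rec["time"] > end):
            continue
        hits[rec["ip"]].append(
            (rec["time"].isoformat(), rec["method"], rec["path"], rec["status"]))
    return dict(hits), skipped


if __name__ == "__main__":
    print(clients_for_path(SAMPLE_LOG, "/profile/1234"))
```

Timestamps keep the server's UTC offset, so entries can be lined up against evidence from the client side without guessing the time zone.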
Forensic Methods – Real Time
• Contact the ISP to monitor information sent between the client and server machines.
• Monitor the suspect's router for the live traffic data stream.
• Install a keylogger on the suspect's machine.
Social Networking Forensic – obstacles
• The impact of social networks is getting bigger and bigger.
• From an evidence-acquisition standpoint, evidence is getting harder to acquire because more servers are involved.
• Computer forensic experts need to be more familiar with different web and database server settings.
• They need to learn different web services application languages such as FBML and OpenSocial.
Social Networking Forensic – advantages
• Information in social networks can be easily searched by investigators.
• Photos posted in social network profiles may be used as evidence.
• Because of the degrees of linkage in a social network, investigators can learn important information by identifying related persons in the network.
Questions?
The End
Thank You