Recommended
More Related Content
Similar to Week 10 Social Media Forensics (3).pptx
Similar to Week 10 Social Media Forensics (3).pptx (20)
Recently uploaded
Recently uploaded (20)
Week 10 Social Media Forensics (3).pptx
- 1. Program Studi Teknik Informatika Fakultas Teknik – Universitas Surabaya Social Media Forensics
- 2. Program Studi Teknik Informatika Fakultas Teknik – Universitas Surabaya Social Media Evidence: What you put on Facebook or Instagram or Twitter or Youtube?
- 3. Background
- 5. Direct Message Multiplayer Games
- 7. FACEBOOK
- 8. Facebook Produces Evidence • Party Admissions – What Facebook data? – Posts, E-mail, Friends • State of Mind – What Facebook data? – Status Updates • Witness Credibility - What Facebook data? – Posts, E-mail, Places, Friends, Contact Info • Witness Character - What Facebook data? – Photos, Videos, Likes, Apps
- 9. Why is Facebook the New Confessional? • Speed and breadth amplify communication velocity • Insecure communication – Privacy controls constantly changing and often misunderstood – Risk of impersonation by fake profiles – e.g. defamation • Rapid, short and snappy communication – Not reviewed, nor proofread; often grossly inaccurate – Lacking context and precise meaning – Interpretation often left to reader • Lack of control over content – often ‘goes viral’ • Tacitly encourages candor as key social behavior – Evidence often surprisingly relevant, incriminating, and powerful for impeachment
- 10. “Frictionless Sharing” – Oversharing Automatic, Passive, Real-Time Updates • Logging into web sites with Facebook identity can trigger automatic sharing on Facebook of activity on external sites: – Yahoo! News, Washington Post, The Guardian – Spotify, Rhapsody – Netflix, Hulu
- 11. Facebook Graph Search • Facebook Graph Search
- 13. Social Media – Law Enforcement • “As a prosecutor, the first thing I do when I get a case is to Google the victim, the suspect, and all the material witnesses. I run them all through Facebook, MySpace, Twitter, Youtube, and see what I might get. I also do a ‘Google image search’’ and see what pops up. Sometimes there’s nothing, but other times I get the goods – pictures, status updates, and better yet, blogs and articles they’ve written.” – A former deputy district attorney for Los Angeles County • “You find out about people you never would have known” – Dean Johnston, California Bureau of Narcotics Enforcement
- 14. Social Media Evidence • What is Social Media Forensics? • The application of computer investigation and analysis techniques to gather information evidence from online sources, suitable for presentation in a court of law.
- 15. Social Media Evidence • Collection Methods: – Screen scrape/ screen capture – Manual documentation – Open source tools (HTTrack) – Commercial tool (X1) – Web service (Pagefreezer) – Forensics recovery – Content subpoena
- 16. Social Media Case Investigations • Analysis • Information Bases • Online Preservation and Collection • Admissibility
- 17. Social Media - Discovery • Electronically stored information (ESI) is data that is created, altered, communicated and stored in digital form. • What ESI available for review? • Evidence strategies – computer and mobile devices • Request for evidence
- 18. What ESI can we get for review? content Pushed content metada Friends, friends of friends, connections, followers, etc. E-mail notifications with metadata Site names Status updates, relationship status, etc. RSS Feeds with Metadata Date/Time Stamps Email, chat, text messages, friend request, pokes, etc. Uniform Resource Locators (URLs) Timeline (profile) – name, picture, gender, contact, birthday, etc. Geoloaction information (Check-ins) Wall, posts, comments, tags, etc. IP Logs Likes, reads, views, listens, etc. Login/Logout logs Networks, groups, events, etc. Photos, videos, Audio, Music, tags Apps, App Data, Games
- 19. Evidence Strategies - Computer • If target’s evidence is insufficient – Social media evidence is missing – Evidence destruction is suspected • Should look outside Facebook – E-mail notifications – RSS containing content & time stamps pushed out by social media site • Move for warrant/court order for computer forensics analysis of opposition hard drives • Recorver social media evidence • What evidence? What will it look like?
- 21. Social Media Evidence • Anatomy Twitter Tweet – RT = re-tweet – @xxxxx = a twitter user name – #xxxxx = hashtag, a subject or reference identifier – Htttp://xxx = a link, usually shortened to fit in tweet – Max character for tweet? – Twitter Feeds
- 22. Social Media Evidence • Anatomy Facebook Post?
- 23. Social Media Evidence • Anatomy LinkedIn Post & Data?
- 24. Social Media Evidence • GeoLocation?
- 25. Social Media Evidence- Example • Target Profile • Profile (Timeline) information (e.g. contact information, interest, groups) • Wall (timeline) posts and content that posted into profile (timeline) • Photos and videos uploaded to account • Friend list • Notes created • Events to which having RSVP • Sent and received messages • Any comments on Wall (timeline) posts, photos, and other profile content.
- 26. Evidence Elements • IP addreses: any IP addresses that stored who accessed to account • Login info: a list of logins that have stored • Logout info: the ip address from which logged out • Pending friend request: friend request that an account sent but have not accepted or rejected. • Account status changes: dates when an account was reactivated, deactivated, disabled or deleted. • Poke info: information about the pokes exchanged • Events info: events that accepted, declined, and responded maybe to by an account • Other profile (timeline) info: the mobile phone numbers that added to an account • City & hometown • Family members • Relationsship info (names and statuses) • A list of the language that added to an account • A history of any changes that have made to the name profile.
- 27. Social Media Evidence Recovery • From an account settings