Program Studi Teknik Informatika
Fakultas Teknik – Universitas Surabaya
Social Media Forensics
Social Media Evidence: What you put on
Facebook or Instagram or Twitter or Youtube?
Background
• Picture-Sharing Social Media
• Dating Social Media
• Direct Message
• Multiplayer Games
• Professional Social Media
• Company Collaboration
FACEBOOK
Facebook Produces Evidence
• Party Admissions – What Facebook data?
– Posts, E-mail, Friends
• State of Mind – What Facebook data?
– Status Updates
• Witness Credibility - What Facebook data?
– Posts, E-mail, Places, Friends, Contact Info
• Witness Character - What Facebook data?
– Photos, Videos, Likes, Apps
Why is Facebook the New Confessional?
• Speed and breadth amplify communication velocity
• Insecure communication
– Privacy controls constantly changing and often misunderstood
– Risk of impersonation by fake profiles – e.g. defamation
• Rapid, short and snappy communication
– Not reviewed, nor proofread; often grossly inaccurate
– Lacking context and precise meaning
– Interpretation often left to reader
• Lack of control over content – often ‘goes viral’
• Tacitly encourages candor as key social behavior
– Evidence often surprisingly relevant, incriminating, and powerful for
impeachment
“Frictionless Sharing” – Oversharing
Automatic, Passive, Real-Time Updates
• Logging into web sites with Facebook identity can trigger automatic
sharing on Facebook of activity on external sites:
– Yahoo! News, Washington Post, The Guardian
– Spotify, Rhapsody
– Netflix, Hulu
Facebook Graph Search
• Facebook Graph Search
SOCIAL MEDIA FORENSICS
Social Media – Law Enforcement
• “As a prosecutor, the first thing I do when I get a case is to Google
the victim, the suspect, and all the material witnesses. I run them all
through Facebook, MySpace, Twitter, Youtube, and see what I might
get. I also do a ‘Google image search’ and see what pops up.
Sometimes there’s nothing, but other times I get the goods –
pictures, status updates, and better yet, blogs and articles they’ve
written.”
– A former deputy district attorney for Los Angeles County
• “You find out about people you never would have known”
– Dean Johnston, California Bureau of Narcotics Enforcement
Social Media Evidence
• What is Social Media Forensics?
• The application of computer investigation and analysis techniques to
gather information evidence from online sources, suitable for
presentation in a court of law.
Social Media Evidence
• Collection Methods:
– Screen scrape/ screen capture
– Manual documentation
– Open source tools (HTTrack)
– Commercial tool (X1)
– Web service (Pagefreezer)
– Forensics recovery
– Content subpoena
Social Media Case Investigations
• Analysis
• Information Bases
• Online Preservation and Collection
• Admissibility
Social Media - Discovery
• Electronically stored information (ESI) is data that is created,
altered, communicated and stored in digital form.
• What ESI is available for review?
• Evidence strategies – computer and mobile devices
• Request for evidence
What ESI can we get for review?
• Content
– Friends, friends of friends, connections, followers, etc.
– Status updates, relationship status, etc.
– Email, chat, text messages, friend request, pokes, etc.
– Timeline (profile) – name, picture, gender, contact, birthday, etc.
– Wall, posts, comments, tags, etc.
– Likes, reads, views, listens, etc.
– Networks, groups, events, etc.
– Photos, videos, Audio, Music, tags
– Apps, App Data, Games
• Pushed content
– E-mail notifications with metadata
– RSS Feeds with Metadata
• Metadata
– Site names
– Date/Time Stamps
– Uniform Resource Locators (URLs)
– Geolocation information (Check-ins)
– IP Logs
– Login/Logout logs
Evidence Strategies - Computer
• If target’s evidence is insufficient
– Social media evidence is missing
– Evidence destruction is suspected
• Should look outside Facebook
– E-mail notifications
– RSS containing content & time stamps pushed out by social media site
• Move for warrant/court order for computer forensics analysis of
opposition hard drives
• Recover social media evidence
• What evidence? What will it look like?
SOCIAL MEDIA EVIDENCE
Exercise
Social Media Evidence
• Anatomy Twitter Tweet
– RT = re-tweet
– @xxxxx = a twitter user name
– #xxxxx = hashtag, a subject or reference identifier
– http://xxx = a link, usually shortened to fit in tweet
– Max character for tweet?
– Twitter Feeds
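An added example (not part of the original slides): a small Python parser that splits a tweet's text into the elements listed above, so each can be recorded as a separate evidence field. The sample tweet, the names `TweetAnatomy` and `parse_tweet`, and the regular expressions are constructed for illustration; the patterns assume Twitter user names of at most 15 letters, digits or underscores.

```python
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Twitter user names: letters, digits, underscore, at most 15 characters.
RETWEET = re.compile(r"^RT\s+@(\w{1,15})\b:?\s*")
MENTION = re.compile(r"(?<![\w@])@(\w{1,15})\b")
HASHTAG = re.compile(r"(?<![\w#])#(\w+)")
LINK = re.compile(r"https?://\S+")

@dataclass
class TweetAnatomy:
    raw: str                                # original text, kept unmodified
    retweet_of: Optional[str] = None        # user named after a leading "RT"
    mentions: List[str] = field(default_factory=list)
    hashtags: List[str] = field(default_factory=list)
    links: List[str] = field(default_factory=list)

def parse_tweet(text: str) -> TweetAnatomy:
    """Split tweet text into RT marker, @user names, #hashtags and links."""
    result = TweetAnatomy(raw=text)
    body = text
    rt = RETWEET.match(body)
    if rt:
        result.retweet_of = rt.group(1)
        body = body[rt.end():]              # the RT prefix is not a mention
    # Pull links out first so a "#fragment" or "@" inside a URL is not
    # mistaken for a hashtag or a user name.
    result.links = [u.rstrip(".,;:!?)") for u in LINK.findall(body)]
    body = LINK.sub(" ", body)
    # The look-behind in MENTION skips e-mail addresses such as a@b.com.
    result.mentions = MENTION.findall(body)
    result.hashtags = HASHTAG.findall(body)
    return result

# Constructed sample tweet (not real evidence).
SAMPLE_TWEET = ("RT @alice_w: Meeting @bob at the pier 9pm #deal #Pier39 "
                "http://t.co/AbC123#frag mail bob@example.com")

if __name__ == "__main__":
    print(parse_tweet(SAMPLE_TWEET))
```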
Social Media Evidence
• Anatomy Facebook Post?
Social Media Evidence
• Anatomy LinkedIn Post & Data?
Social Media Evidence
• GeoLocation?
Social Media Evidence- Example
• Target Profile
• Profile (Timeline) information (e.g. contact information, interest, groups)
• Wall (timeline) posts and content posted to the profile (timeline)
• Photos and videos uploaded to account
• Friend list
• Notes created
• Events to which the account has RSVP'd
• Sent and received messages
• Any comments on Wall (timeline) posts, photos, and other profile content.
Evidence Elements
• IP addresses: any stored IP addresses from which the account was accessed
• Login info: a list of logins that have been stored
• Logout info: the IP address from which the account logged out
• Pending friend requests: friend requests that the account sent but that have not been accepted or rejected
• Account status changes: dates when an account was reactivated, deactivated, disabled or deleted
• Poke info: information about the pokes exchanged
• Events info: events that the account accepted, declined, or responded "maybe" to
• Other profile (timeline) info: the mobile phone numbers added to the account
• City & hometown
• Family members
• Relationship info (names and statuses)
• A list of the languages added to the account
• A history of any changes made to the profile name
Social Media Evidence Recovery
• From an account's settings

Week 10 Social Media Forensics (3).pptx
