Social snapshots: digital forensics for online social networks

Recently, academia and law enforcement alike have shown a strong demand for data that is collected from online social networks. In this work, we present a novel method for harvesting such data from social networking websites. Our approach uses a hybrid system that is based on a custom add-on for social networks in combination with a web crawling component. The datasets that our tool collects contain profile information (user data, private messages, photos, etc.) and associated meta-data (internal timestamps and unique identifiers). These social snapshots are significant for security research and in the field of digital forensics. We implemented a prototype for Facebook and evaluated our system on a number of human volunteers. We show the feasibility and efficiency of our approach and its advantages in contrast to traditional techniques that rely on application-specific web crawling and parsing. Furthermore, we investigate different use-cases of our tool that include consensual application and the use of sniffed authentication cookies. Finally, we contribute to the research community by publishing our implementation as an open-source project.
