Forensic investigation of social networking applications

Social networking applications such as Facebook, Twitter and Linkedin may be involved in instances of misuse such as copyright infringement, data protection violations, defamation, identity theft, harassment, and dissemination of confidential information and malware that can affect both organizations and individuals. In this paper we examine the computer forensic process of obtaining digital evidence from social networking applications and the legal aspects of such. Currently there do not appear to be commonly available guidelines for organizations aimed specifically at the computer forensic process of investigation of social networking applications

Investigating employee harassment via social media

Previously the investigation of employee harassment within the workplace would typically have involved obtaining evidence regarding physical contact, verbal contact (face to face or via telephone) or written contact (via letters or notes or email) between a suspect and a victim. Social media has added a new avenue to the investigation of employee harassment that goes beyond the physical workplace and normal working hours. In this paper we examine the process of computer forensic investigation of employee harassment via social media and the legal aspects of such. In particular we examine employee harassment via social media in terms of the reporting of harassment, the computer forensic investigation process, the relevant UK legislation and its application, and discuss good practice guidelines for educating employers and employees regarding how to use social media in the workplace and beyond in an acceptable manner

CloudMe forensics : a case of big-data investigation

The significant increase in the volume, variety and velocity of data complicates cloud forensic efforts, as such big data will, at some point, become computationally expensive to be fully extracted and analyzed in a timely manner. Thus, it is important for a digital forensic practitioner to have a well-rounded knowledge about the most relevant data artefacts that could be forensically recovered from the cloud product under investigation. In this paper, CloudMe, a popular cloud storage service, is studied. The types and locations of the artefacts relating to the installation and uninstallation of the client application, logging in and out, and file synchronization events from the computer desktop and mobile clients are described. Findings from this research will pave the way towards the development of tools and techniques (e.g. data mining techniques) for cloud-enabled big data endpoint forensics investigation

A two-stage model for social network investigations in digital forensics

This paper proposes a two-stage model for identifying and contextualizing features from artefacts created as a result of social networking activity. This technique can be useful in digital investigations and is based on understanding and the deconstruction of the processes that take place prior to, during and after user activity; this includes corroborating artefacts. Digital Investigations are becoming more complex due to factors such as, the volume of data to be examined; different data formats; a wide range of sources for digital evidence; the volatility of data and the limitations of some of the standard digital forensic tools. This paper highlights the need for an approach that enables digital investigators to prioritize social network artefacts to be further analysed; determine social connections in the context of an investigation e.g. a user’s social relationships, how recovered artefacts came to be, and how they can successfully be used as evidence in cour

Forensic investigation of P2P cloud storage services and backbone for IoT networks : BitTorrent Sync as a case study

Cloud computing has been regarded as the technology enabler for the Internet of Things (IoT). To ensure the most effective collection of IoT-based evidence, it is vital for forensic practitioners to possess a contemporary understanding of the artefacts from different cloud services. In this paper, we seek to determine the data remnants from the use of BitTorrent Sync version 2.0. Findings from our research using mobile and computer devices running Windows 8.1, Mac OS X Mavericks 10.9.5, Ubuntu 14.04.1 LTS, iOS 7.1.2, and Android KitKat 4.4.4 suggested that artefacts relating to the installation, uninstallation, log-in, log-off, and file synchronisation could be recovered, which are potential sources of IoT forensics. We also present a forensically sound investigation methodology for BitTorrent Sync

Open source intelligence gathering for hate speech in Kenya

Thesis submitted in partial fulfillment of the requirements for the Degree of Master of Science in Information Systems Security (MSc.ISS) at Strathmore UniversityThe Internet has been celebrated for its ability to erode barriers between nations. Social media is a powerful medium that can unite, inform, and move people. One post can start a chain of events that changes the world. It gives users fast access to and sharing of information and facilitates ease of communication. However, the Internet allows for a lot of negativity as well. There has been an increase in hate speech activities on social media in the Kenyan cyber space. The National Cohesion and Integration Commission (NCIC) was established to facilitate and promote equality of opportunity, good relations, harmony and peaceful co-existence between persons of the different ethnic and racial communities of Kenya, and to advise the Government on all aspects thereof (Act No, 12, 2008). In particular, the NCIC Act of 2008 is mandated to curb hate speech. This research studied existing hate speech detection tools in use by NCIC, then identified gaps and challenges faced. A technical solution (tool for analyzing hate speech) was proposed that can be implemented by the NCIC and the government to respond to hate-speech cases perpetrated through social media platforms. The developed tool tracked challenges and gaps in the existing tools currently in use by NCIC for hate speech monitoring, detection and analysis. Due to the differences in Application Programming Interface (API) implementation on the variety of social media platforms used in Kenya, the scope of this research is limited to Twitter. This research employed the use of predictive analytics for text classification using Naïve Bayes. A tool that uses the predictive model in assistance to detection of hate-speech online was developed to conceptualize the solutions discussed in this research

A Framework for using Open Source intelligence as a Digital Forensic Investigative tool

The proliferation of the Internet has amplified the use of social networking sites by creating a platform that encourages individuals to share information. As a result there is a wealth of information that is publically and easily accessible. This research explores whether open source intelligence (OSINT), which is freely available, could be used as a digital forensic investigative tool. A survey was created and sent to digital forensic investigators to establish whether they currently use OSINT when performing investigations. The survey results confirm that OSINT is being used by digital forensic investigators when performing investigations but there are currently no guidelines or frameworks available to support the use thereof. Additionally, the survey results showed a belief amongst those surveyed that evidence gleaned from OSINT sources is considered supplementary rather than evidentiary. The findings of this research led to the development of a framework that identifies and recommends key processes to follow when conducting OSINT investigations. The framework can assist digital forensic investigators to follow a structured and rigorous process, which may lead to the unanimous acceptance of information obtained via OSINT sources as evidentiary rather than supplementary in the near future

Forensic investigation of social networking applications

Social networking applications such as Facebook, LinkedIn, MySpace and Twitter provide facilities including email, blogging, instant messaging and photo sharing for social and commercial exchange.1 There has been a rapid growth in the use of social networking applications by both individuals and organisations.2,3 And an increasing number of organisations use Facebook and Twitter as part of their marketing campaigns.4,5 Social networking applications such as Facebook, Twitter and LinkedIn may be involved in instances of misuse that can affect both organisations and individuals. Dr Mark Taylor, Dr John Haggerty, David Gresty, Peter Almond and Dr Tom Berry of Liverpool John Moores University, Nottingham Trent University and University of Greenwich examine the forensic process of obtaining digital evidence from social networking applications and the legal aspects involved in potential misuse

Analytical method for forensic investigation of social networking applications on smartphones

Social Networking has influenced the way people interact with each other. Many people use social networking applications for individual or commercial purposes to share information. However, the rapid growth of social networking and social networking applications on mobile devices has attracted cyber criminals and has resulted in their use in many criminal activities such as identity theft, piracy, illegal trading, sexual harassment, cyber stalking and cyber terrorism. Mobile devices are a gold mine of evidences for forensic investigators as they store valuable social networking data. Previous researches on forensic investigation of social networking applications on smartphones were conducted using existing forensic analyzer tools and failed to identify important data remnants including passwords, GPS locations, uploaded files, posts and messages. Therefore, the result of previous researches indicate that the current mobile forensic analyzer tools and methods are not able to automatically acquire enough valuable data remnants from social networking applications on smartphones and only provide an interface to the data for the investigator. In this research, we propose an examination method for investigation of social networking applications on smartphones in order to detect all possible data remnants when undertaking the forensic investigation of social networking platforms. In this examination method, logical and physical images of smartphones are examined manually using a set of predefined keywords. This will allow the investigators to detect the data remnants and identify their patterns. The identified patterns are then used to design an algorithm for detecting social networking data remnants automatically. The outcome of this research resulted in detection of user‟s username, password, UID, personal information, pictures, workplace and organization, GPS locations, friend list, uploaded posts, uploaded messages, uploaded comments, uploaded files, interests and identification of the pattern for how and where each data remnant is stored in the internal memory and internal storage of the smartphone. Moreover, an algorithm was designed that automatically extracts social networking data remnants from smartphones using the identified patterns. We hope this research can be a stepping stone for identifying a common methodology for investigation of all types of smartphone applications and serve as the first step toward developing a consistent digital forensic framework for social networking such as the one proposed and evaluated in this research