ABSTRACT
Recently, academia and law enforcement alike have shown a strong demand for data that is collected from online social networks. In this work, we present a novel method for harvesting such data from social networking websites. Our approach uses a hybrid system that is based on a custom add-on for social networks in combination with a web crawling component. The datasets that our tool collects contain profile information (user data, private messages, photos, etc.) and associated meta-data (internal timestamps and unique identifiers). These social snapshots are significant for security research and in the field of digital forensics. We implemented a prototype for Facebook and evaluated our system on a number of human volunteers. We show the feasibility and efficiency of our approach and its advantages in contrast to traditional techniques that rely on application-specific web crawling and parsing. Furthermore, we investigate different use-cases of our tool that include consensual application and the use of sniffed authentication cookies. Finally, we contribute to the research community by publishing our implementation as an open-source project.
- L. Bilge, T. Strufe, D. Balzarotti, and E. Kirda. All your contacts are belong to us: automated identity theft attacks on social networks. In Proceedings of the 18th international conference on World wide web, pages 551--560. ACM, 2009. Google ScholarDigital Library
- D. Birk and C. Wegener. Technical issues of forensic investigatinos in cloud computing environments. In Systematic Approaches to Digital Forensic Engineering, 2011. SADFE 2011. Sixth International Workshop on. IEEE. Google ScholarDigital Library
- E. Butler. Firesheep. Online at http://codebutler.com/firesheep, oct 2010.Google Scholar
- M. Caloyannides, N. Memon, and W. Venema. Digital forensics. Security & Privacy, IEEE, 7(2):16--17, 2009. Google ScholarDigital Library
- B. Carrier. File system forensic analysis. Addison-Wesley Professional, 2005. Google ScholarDigital Library
- E. Chan, S. Venkataraman, F. David, A. Chaugule, and R. Campbell. Forenscope: A framework for live forensics. In Proceedings of the 26th Annual Computer Security Applications Conference, pages 307--316. ACM, 2010. Google ScholarDigital Library
- CNN. Facebook status update provides alibi. Online at http://cnn.com/2009/CRIME/11/12/facebook.alibi/index.html, nov 2009.Google Scholar
- M. Cohen. PyFlag-An advanced network forensic framework. digital investigation, 5:S112--S120, 2008. Google ScholarDigital Library
- EFF. Social Media and Law Enforcement: Who Gets What Data and When? Online at https://www.eff.org/deeplinks/2011/01/social-media-and-law-enforcement-who-gets-what.Google Scholar
- Facebook. Graph API. Online at https://developers.facebook.com/docs/reference/api/.Google Scholar
- Facebook. Statistics of Facebook. Online at http://www.facebook.com/press/info.php?statistics. Accessed April 20th, 2011.Google Scholar
- Facebook. The Facebook Blog: Giving You More Control. Online at https://blog.facebook.com/blog.php?post=434691727130, oct 2010.Google Scholar
- K. Fowler. SQL Server forensic analysis. Addison-Wesley Professional, 2008. Google ScholarDigital Library
- FSF. Ocrad - The GNU OCR. Online at http://www.gnu.org/software/ocrad/.Google Scholar
- H. Gao, J. Hu, C. Wilson, Z. Li, Y. Chen, and B. Zhao. Detecting and characterizing social spam campaigns. In Proceedings of the 10th annual conference on Internet measurement, pages 35--47. ACM, 2010. Google ScholarDigital Library
- B. Hay, K. Nance, and M. Bishop. Live analysis: Progress and challenges. Security & Privacy, IEEE, 7(2):30--37, 2009. Google ScholarDigital Library
- M. Huber, M. Mulazzani, E. Weippl, G. Kitzler, and S. Goluch. Friend-in-the-middle attacks: Exploiting social networking sites for spam. Internet Computing, 2011. Google ScholarDigital Library
- T. Jagatic, N. Johnson, M. Jakobsson, and F. Menczer. Social phishing. Communications of the ACM, 50(10):94--100, 2007. Google ScholarDigital Library
- E. Kee and H. Farid. Digital image authentication from thumbnails. Proceedings of the SPIE, Electronic Imaging, Media Forensics and Security XII, 2010.Google Scholar
- R. Lu, X. Lin, X. Liang, and X. Shen. Secure provenance: the essential of bread and butter of data forensics in cloud computing. In Proceedings of the 5th ACM Symposium on Information, Computer and Communications Security, pages 282--292. ACM, 2010. Google ScholarDigital Library
- Microsoft. PhotoDNA. Online at http://www.microsoftphotodna.com/.Google Scholar
- OpenQA. Selenium wep application testing system. Online at http://seleniumhq.org/.Google Scholar
- M. Perry. CookieMonster: Cookie Hijacking. Online at http://fscked.org/projects/cookiemonster, aug 2008.Google Scholar
- B. Ponurkiewicz. Faceniff. Online at http://faceniff.ponury.net/, jun 2011.Google Scholar
- N. A. Rahman. Scraping facebook email addresses. Online at http://www.kudanai.com/2008/10/scraping-facebook-email-addresses.html, aug 2008.Google Scholar
- M. Taylor, J. Haggerty, D. Gresty, and D. Lamb. Forensic investigation of cloud computing systems. Network Security, 2011(3):4--10, 2011. Google ScholarDigital Library
- The New York Criminal Law Blog. Criminal found via Facebook. Online at http://newyorkcriminallawyersblog.com/2010/03/assault-criminal-who-was-found-via-facebook-is-back-in-ny.html, mar 2009.Google Scholar
- The Washington Post. Facebook: a place to meet, gossip, share photos of stolen goods. Online at http://www.washingtonpost.com/wp-dyn/content/article/2010/12/14/AR2010121407423_pf.html, dec 2010.Google Scholar
- G. Wondracek, T. Holz, E. Kirda, and C. Kruegel. A Practical Attack to De-Anonymize Social Network Users. In Proceedings of the IEEE Symposium on Security and Privacy, 2010. Google ScholarDigital Library
- Xplico. Xplico - Network Forensic Analysis Tool. Online at http://www.xplico.org/.Google Scholar
Index Terms
- Social snapshots: digital forensics for online social networks
Recommendations
Developing a forensics tool for social media
ACM SE '14: Proceedings of the 2014 ACM Southeast Regional ConferenceMillions of users around the world utilize social media sites on any given day, spreading information about their activities, whereabouts and thoughts to friends and interested readers. These same messages can be used to construct a digital and physical ...
Social exchange in online social networks. The reciprocity phenomenon on Facebook
Our research is focused on reciprocity, which is crucial for social exchanges.The online social network platform of our choice was Facebook, which is one of the most successful online social sites.In our study we found strong empirical evidence that an ...
Characterizing user navigation and interactions in online social networks
Understanding how users navigate and interact when they connect to social networking sites creates opportunities for better interface design, richer studies of social interactions, and improved design of content distribution systems. In this paper, we ...
Comments