Transcript slides
Social Networking Forensics Team 6 Janet Cheng Jennifer Hoffman Therese LaMarche Ahmet Tavil Amit Yadav Client: Steve Kim Professor Tappert Overview • Background information about Social Network Forensics • Forensic tools • Top ten social networking sites and their privacy configurations • Social Networking Tracker Website • Find IP address in Gmail, Yahoo, and Hotmail • Demonstrations on C# Program and PHP website • Future recommendations ▫ Page 1 Background Information Cases “A 22-year-old Arizona woman was arrested for plotting a murder on another woman after seeing photos from her boyfriend’s MySpace website.” “Three suspects have been charged in connection with a kidnap and attempted murder of a man, after meeting with a woman through a social networking website called mocospace.com.” “A mother falsified her identity using MySpace to hoax a 13-year-old neighbor who later committed suicide. “ • • Numerous murders, kidnaps, robbers, and etc. involve social networking sites led to security issues Security has not been a high priority in the popular social networking sites ▫ Page 2 Commonly Used Forensic Applications Product Name UNIX/Linux Windows Platform Platform Analyses (Windows/Unix) Product Description Encase Forensics No Yes W, U Complex GUI, managing large volume of data including deleted files, and customized reports Forensic Toolkit No Yes W, U Full Unicode support, search engines for indexed search, broad file system support i2Analyst’s Notebook No Yes -- Visualize large volume data seeing big picture, reveal patterns ProDiscover Incident Response No Yes W, U Examine live system anywhere in the network, search entire disk, creates and record MD5, SHA1, or SHA256 hashes of evidence Slueth Kit/Autopsy Browser Yes No W, U GUI, HTML-based and connect with the Autopsy server using HTML browser, “File Manager” ▫ Page 3 Social Networking Sites Security Configurations Evaluated on all different social networking sites focusing on their privacy configurations ▫ Page 4 Social Network Supports HTML Visitor Tracker Customizable Privacy Settings Bebo No No Yes Facebook No No Yes Friendster No Yes Yes Hi5 Yes Yes Yes MySpace Yes No Yes Netlog No No Yes Orkut No Yes Yes PerfSpot Yes Yes Yes Yahoo!360 Yes No Yes Zorpia No No Yes Social Networking Sites Security Configurations Extended Tracker Program Created a website called “Social Networking Visitor Tracker”. Developed and tested modules for major Social Networking Sites. ▫ Page 5 Social Networking Website Supports Visitor Tracker Program AOL Instant Messenger Yes Bebo No DeviantArt.com No eBay Yes Facebook No Friendster Yes Hi5 Yes NetLog No MySpace Yes Orkut No PerfSpot No Yahoo!360 Yes Zorpia No Tracing sender‘s IP address from an E-mail account Gmail • Access your inbox • Click on the message • Click on the upside down triangle located on the right • Select “Show Original” ▫ Page 6 Tracing sender‘s IP address from an E-mail account Hotmail • • • • Make sure you are in classic mode Right click on message Click on the message Select “View Message Source” ▫ Page 7 Tracing sender‘s IP address from an E-mail account Yahoo! Mail • Select the message • Scroll down and click “Full Headers” ▫ Page 8 Demo Demonstration: C# Application Security Configurations ▫ Page 9 Demo Demonstration: PHP Website Security Configurations ▫ Page 10 Future Recommendations • Retrieving more information about the visitor of a monitored Social Networking page • Develop additional modules for the PHP tool to support Facebook, Second Life and other websites. • Craigslist presents the need to be monitored due to the increasing cases in scams. Craigslist users could benefit from knowing more about the people contacting them. ▫ Page 11