Transcript slides

Social Networking Forensics
Team 6
Janet Cheng
Jennifer Hoffman
Therese LaMarche
Ahmet Tavil
Amit Yadav
Client: Steve Kim
Professor Tappert
Overview
• Background information about Social Network Forensics
• Forensic tools
• Top ten social networking sites and their privacy configurations
• Social Networking Tracker Website
• Find IP address in Gmail, Yahoo, and Hotmail
• Demonstrations on C# Program and PHP website
• Future recommendations
▫ Page 1
Background Information
Cases
“A 22-year-old Arizona woman was arrested for plotting a murder on another woman after seeing
photos from her boyfriend’s MySpace website.”
“Three suspects have been charged in connection with a kidnap and attempted murder of a man,
after meeting with a woman through a social networking website called mocospace.com.”
“A mother falsified her identity using MySpace to hoax a 13-year-old neighbor who later committed
suicide. “
•
•
Numerous murders, kidnaps, robbers, and etc. involve social networking sites led to security issues
Security has not been a high priority in the popular social networking sites
▫ Page 2
Commonly Used Forensic Applications
Product
Name
UNIX/Linux Windows
Platform
Platform
Analyses
(Windows/Unix)
Product Description
Encase
Forensics
No
Yes
W, U
Complex GUI, managing large
volume of data including deleted
files, and customized reports
Forensic
Toolkit
No
Yes
W, U
Full Unicode support, search
engines for indexed search, broad
file system support
i2Analyst’s
Notebook
No
Yes
--
Visualize large volume data seeing
big picture, reveal patterns
ProDiscover
Incident
Response
No
Yes
W, U
Examine live system anywhere in
the network, search entire disk,
creates and record MD5, SHA1, or
SHA256 hashes of evidence
Slueth
Kit/Autopsy
Browser
Yes
No
W, U
GUI, HTML-based and connect
with the Autopsy server using
HTML browser, “File Manager”
▫ Page 3
Social Networking Sites
Security Configurations
Evaluated on all different social
networking sites focusing on their
privacy configurations
▫ Page 4
Social
Network
Supports
HTML
Visitor
Tracker
Customizable Privacy
Settings
Bebo
No
No
Yes
Facebook
No
No
Yes
Friendster
No
Yes
Yes
Hi5
Yes
Yes
Yes
MySpace
Yes
No
Yes
Netlog
No
No
Yes
Orkut
No
Yes
Yes
PerfSpot
Yes
Yes
Yes
Yahoo!360
Yes
No
Yes
Zorpia
No
No
Yes
Social Networking Sites
Security Configurations
Extended
Tracker Program
Created a website called “Social
Networking Visitor Tracker”.
Developed and tested modules for
major Social Networking Sites.
▫ Page 5
Social Networking
Website
Supports Visitor
Tracker Program
AOL
Instant Messenger
Yes
Bebo
No
DeviantArt.com
No
eBay
Yes
Facebook
No
Friendster
Yes
Hi5
Yes
NetLog
No
MySpace
Yes
Orkut
No
PerfSpot
No
Yahoo!360
Yes
Zorpia
No
Tracing sender‘s IP address from an E-mail account
Gmail
• Access your inbox
• Click on the message
• Click on the upside down triangle
located on the right
• Select “Show Original”
▫ Page 6
Tracing sender‘s IP address from an E-mail account
Hotmail
•
•
•
•
Make sure you are in classic mode
Right click on message
Click on the message
Select “View Message Source”
▫ Page 7
Tracing sender‘s IP address from an E-mail account
Yahoo! Mail
• Select the message
• Scroll down and click “Full Headers”
▫ Page 8
Demo Demonstration: C# Application
Security Configurations
▫ Page 9
Demo Demonstration: PHP Website
Security Configurations
▫ Page 10
Future Recommendations
• Retrieving more information about the visitor of a monitored Social
Networking page
• Develop additional modules for the PHP tool to support Facebook,
Second Life and other websites.
• Craigslist presents the need to be monitored due to the increasing cases
in scams. Craigslist users could benefit from knowing more about the
people contacting them.
▫ Page 11