Data Visualization for Social Network Forensics
With hundreds of millions of users worldwide, forensic data extraction from social networks has become an important research problem. However, forensic data collection is tightly connected to social network operators, which leads to problems related to data completeness and data compatibility. This paper discusses the important data sources and analytical methods for the forensic analysis of social networks. It shows how the data sources can be evaluated in an automated fashion without assistance from social network operators. While the proposed methods apply to the vast majority of social networks, their feasibility is demonstrated using a Facebook case study.
KeywordsSocial networks online forensics visualization
- 1.M. Bastian, S. Heymann and M. Jacomy, Gephi: An open source software for exploring and manipulating networks, Proceedings of the Third AAAI International Conference on Weblogs and Social Media, pp. 361–362, 2009.Google Scholar
- 2.D. Beaver, S. Kumar, H. Li, J. Sobel and P. Vajgel, Finding a needle in Haystack: Facebook’s photo storage, Proceedings of the Ninth USENIX Conference on Operating Systems Design and Implementation, 2010.Google Scholar
- 3.V. Blondel, J. Guillaume, R. Lambiotte and E. Lefebvre, Fast unfolding of communities in large networks, Journal of Statistical Mechanics: Theory and Experiment, vol. 2008(10), 2008.Google Scholar
- 5.E. Butler, Firesheep (codebutler.com/firesheep), 2011.
- 6.D. Brezinski and T. Killalea, RFC 3227: Guidelines for Evidence Collection and Archiving (www.faqs.org/rfcs/rfc3227.html), 2002.
- 7.B. Carrier, File System Forensic Analysis, Pearson, Upper Saddle River, New Jersey, 2005.Google Scholar
- 8.B. Chen, Apple promises fix for location-gathering “bug” on iPhone, Wired (www.wired.com/gadgetlab/2011/04/iphone-location-bug), April 27, 2011.
- 10.G. Conti, Security Data Visualization: Graphical Techniques for Network Analysis, No Starch Press, San Francisco, California, 2007.Google Scholar
- 11.X. Ding and H. Zou, Time based data forensic and cross-reference analysis, Proceedings of the ACM Symposium on Applied Computing, pp. 185–190, 2011.Google Scholar
- 12.Facebook, Facebook Law Enforcement Guidelines, Menlo Park, California (www.eff.org/sites/default/files/filenode/social_network/Facebook2010_SN_LEG-DOJ.PDF), 2010.
- 14.Foursquare Labs, foursquare, New York (foursquare.com).
- 15.M. Huber, M. Mulazzani, M. Leithner, S. Schrittwieser, G. Wondracek and E. Weippl, Social snapshots: Digital forensics for online social networks, Proceedings of the Twenty-Seventh Annual Computer Security Applications Conference, pp. 113–122, 2011.Google Scholar
- 19.Trustedsignal – Blog, Facebook Artifact Parser version .02 (trustedsignal.com/code/fbartiparse.py), 2011.
- 20.P. Warden, iPhone Tracker (petewarden.github.com/iPhoneTracker).
- 22.Xplico, Network Forensic Analysis Tool (www.xplico.org).