Data Visualization for Social Network Forensics

  • Martin Mulazzani
  • Markus Huber
  • Edgar Weippl
Part of the IFIP Advances in Information and Communication Technology book series (IFIPAICT, volume 383)


With hundreds of millions of users worldwide, forensic data extraction from social networks has become an important research problem. However, forensic data collection is tightly connected to social network operators, which leads to problems related to data completeness and data compatibility. This paper discusses the important data sources and analytical methods for the forensic analysis of social networks. It shows how the data sources can be evaluated in an automated fashion without assistance from social network operators. While the proposed methods apply to the vast majority of social networks, their feasibility is demonstrated using a Facebook case study.


Social networks online forensics visualization 


  1. 1.
    M. Bastian, S. Heymann and M. Jacomy, Gephi: An open source software for exploring and manipulating networks, Proceedings of the Third AAAI International Conference on Weblogs and Social Media, pp. 361–362, 2009.Google Scholar
  2. 2.
    D. Beaver, S. Kumar, H. Li, J. Sobel and P. Vajgel, Finding a needle in Haystack: Facebook’s photo storage, Proceedings of the Ninth USENIX Conference on Operating Systems Design and Implementation, 2010.Google Scholar
  3. 3.
    V. Blondel, J. Guillaume, R. Lambiotte and E. Lefebvre, Fast unfolding of communities in large networks, Journal of Statistical Mechanics: Theory and Experiment, vol. 2008(10), 2008.Google Scholar
  4. 4.
    J. Bonneau, J. Anderson, R. Anderson and F. Stajano, Eight friends are enough: Social graph approximation via public listings, Proceedings of the Second ACM EuroSys Workshop on Social Network Systems, pp. 13–18, 2009.CrossRefGoogle Scholar
  5. 5.
    E. Butler, Firesheep (, 2011.
  6. 6.
    D. Brezinski and T. Killalea, RFC 3227: Guidelines for Evidence Collection and Archiving (, 2002.
  7. 7.
    B. Carrier, File System Forensic Analysis, Pearson, Upper Saddle River, New Jersey, 2005.Google Scholar
  8. 8.
    B. Chen, Apple promises fix for location-gathering “bug” on iPhone, Wired (, April 27, 2011.
  9. 9.
    M. Cohen, PyFlag – An advanced network forensic framework, Digital Investigation, vol. 5(S), pp. S112–S120, 2008.CrossRefGoogle Scholar
  10. 10.
    G. Conti, Security Data Visualization: Graphical Techniques for Network Analysis, No Starch Press, San Francisco, California, 2007.Google Scholar
  11. 11.
    X. Ding and H. Zou, Time based data forensic and cross-reference analysis, Proceedings of the ACM Symposium on Applied Computing, pp. 185–190, 2011.Google Scholar
  12. 12.
    Facebook, Facebook Law Enforcement Guidelines, Menlo Park, California (, 2010.
  13. 13.
    Facebook, Facebook Statistics, Menlo Park, California (www.face
  14. 14.
    Foursquare Labs, foursquare, New York (
  15. 15.
    M. Huber, M. Mulazzani, M. Leithner, S. Schrittwieser, G. Wondracek and E. Weippl, Social snapshots: Digital forensics for online social networks, Proceedings of the Twenty-Seventh Annual Computer Security Applications Conference, pp. 113–122, 2011.Google Scholar
  16. 16.
    M. Huber, M. Mulazzani, E. Weippl, G. Kitzler and S. Goluch, Friend-in-the-middle attacks: Exploiting social networking sites for spam, IEEE Internet Computing, vol. 15(3), pp. 28–34, 2011.CrossRefGoogle Scholar
  17. 17.
    S. Morrissey, iOS Forensic Analysis, Apress, New York, 2010.CrossRefGoogle Scholar
  18. 18.
    S. Teelink and R. Erbacher, Improving the computer forensic analysis process through visualization, Communications of the ACM, vol. 49(2), pp. 71–75, 2006.CrossRefGoogle Scholar
  19. 19.
    Trustedsignal – Blog, Facebook Artifact Parser version .02 (, 2011.
  20. 20.
    P. Warden, iPhone Tracker (
  21. 21.
    S. Wasserman and K. Faust, Social Network Analysis: Methods and Applications, Cambridge University Press, Cambridge, United Kingdom, 1994.CrossRefGoogle Scholar
  22. 22.
    Xplico, Network Forensic Analysis Tool (

Copyright information

© IFIP International Federation for Information Processing 2012

Authors and Affiliations

  • Martin Mulazzani
    • 1
    • 2
  • Markus Huber
    • 1
    • 2
  • Edgar Weippl
    • 1
    • 2
  1. 1.Vienna University of TechnologyViennaAustria
  2. 2.SBA ResearchViennaAustria

Personalised recommendations