TEAM Editor-in-Chief Joanna Kretowicz [email protected] Managing Editor: Michalina Szpyrka [email protected] Editors: Marta Sienicka [email protected] Marta Strzelec [email protected] Bartek Adach [email protected] Magdalena Jarzębska [email protected] Senior Consultant/Publisher: Paweł Marciniak CEO: Joanna Kretowicz [email protected] Marketing Director: Joanna Kretowicz [email protected] DTP Michalina Szpyrka [email protected] Cover Design Hiep Nguyen Duc Publisher Hakin9 Media Sp. z o.o. 02-511 Warszawa ul. Bielawska 6/19 Phone: 1 917 338 3631 www.eforensicsmag.com All trademarks, trade names, or logos mentioned or used are the property of their respective owners. The techniques described in our articles may only be used in private, local networks. The editors hold no responsibility for misuse of the presented techniques or consequent data loss.
An Introduction To Social Media Forensics by Gergo Varga People reveal an enormous amount about themselves on social media. Social media forensics is all about tapping into that huge collection of data. This guide looks at the kind of information that’s “out there” and discusses tools and techniques for accessing and manipulating it. They’re tools and techniques that can be used for many purposes, including criminal investigation, fraud prevention and – ironically – for actually committing crimes. But first, a little background. The Unstoppable Rise of Social (And the Data It Leaves Behind) The majority of people say that they are “more aware of” the data they share online nowadays. However, this doesn’t seem to have an impact on the popularity of social media. People have an average of 8.4 social media accounts each, according to SEO tips portal Backlinko. The growth of social media remains constant, with an average yearly usage increase of 12.5%. Social marketing dashboard Hootsuite reports a similar annual increase, and the company also states that individuals spend an average of 2 hours and 27 minutes using social media each day. It’s no wonder that people leave such a forensic trail in their wake. Social media users don’t always drop their electronic crumbs intentionally. Privacy settings on social sites and apps are often complex. Some users simply leave them on their defaults, while others lack the knowledge to lock down their accounts as much as they’d like to. 5
It’s not just about people who share every political thought on Twitter and every yoga session on Instagram. Even those who are guarded and “quiet” online leave a trail. Per a guide to social media lookups by SEON, as little as an email address can reveal information on the sites somebody is active on, as well as data points such as their age, gender, and workplace – from which the fraud prevention company can spot fraudulent users, as well as identify other use cases across industries. “Average” users also tend to be unaware of the data artifacts social apps leave behind on their computers and mobile devices. These can include historical photos and deleted messages people assumed were gone for good. Social media forensics is a broad term. It can cover everything from systematic searches of individual social networks to low-level data dumps of mobile devices. While the data – often referred to as part of Open Source Intelligence (OSINT) – is powerful in itself, it’s the ability to compile it and “join the dots” where the true potency lies. Increasingly, we see the results of social media forensics work – in popular culture, in court cases, and on newspaper front pages. Those small crumbs of information can lead to a trail that spans everything from people’s political leanings to where they go and who they’re connected to. Uses for Social Media Forensics Like so many things in the online world, digital forensics can be used both for good and for ill, and on a micro or macro level. Individuals are perhaps unaware that they’re making use of the power of social media forensics when they do some online “due diligence” on a potential Tinder date or a new tradesperson to work on their home. Meanwhile, companies often use social media data to verify the legitimacy of customers and transactions. As mentioned above and in agreement with our internal data, people typically have from five to eight social media accounts. An email address not linked to any such accounts can raise an electronic red flag. Social media forensics are also widely used in law enforcement, helping agencies and police departments both to investigate crimes and to provide compelling evidence. On the darker side, such readily available information can perpetuate activities such as spear-phishing and cyberstalking, as well 6
as elaborate schemes such as CEO impersonation fraud. It’s fair to say that the tools and techniques below can all be used both honestly and egregiously. Ways to Perform Social Media Forensics Following the Trail – Manual Lookups and Advanced Searches Social Media forensics can begin with nothing more than a Google search box or the search facility on any social network. Searching for an individual on Facebook, for example, often reveals a huge amount – such as a full friends list, a home location and a workplace. Advanced search lookups take this one step further. Search engines like Google allow the use of a wide range of search operators, of which AHRefs provides a full list. Google can in fact serve as the jump-off point for searching multiple social networks at once - by using the “site:” operator and including all the desired sites in the search. Advanced searches are also possible within the sites themselves. Twitter, for example, allows you to use a full Google-style range of operators from its search bar. In the case of Facebook, it’s possible to search for people based on factors such as city or workplace. While these techniques can prove effective, they don’t always scale well on a manual level. Some of the tools below help you to perform “bulk” and automated social media forensics work. Tools and Utilities to Consider SEON Primarily intended for fraud prevention, SEON’s offering includes a social media lookup tool that pulls multiple data points from over 35 different social networks. From a crumb of data such as an email address, a phone number or an IP address, SEON will enrich it with live results, including which of the social networks a person is linked to, grabbing information including profile URLs, bios and avatars. What’s more, it’s not just about social media: the tool also checks less common online platforms and portals for accounts linked to this primary data, including Github, TripAdvisor and eBay. It’s possible to use the tool on a manual, ad-hoc basis, but it also offers API integration, so it can form part of an automated social media forensics system. 7
However, it does offer mail merge and web hook functionality. This allows for the bulk collection and export of social media data for purposes such as marketing. WebPreserver Evidence collection and preservation tool WebPreserver is primarily aimed at law enforcement agencies. It runs as a Chrome plug-in, allowing officials to capture “forensically defensible” evidence during investigations, complete with timestamps and digital signatures. The tool also expands comment threads and replies. It’s a good example of where an automated tool can save considerable time compared to manual social media forensics. WebPreserver can also capture and export entire Facebook timelines for use in criminal legal investigations and elsewhere. TweetBeaver Another tool that concentrates on a specific social network, TweetBeaver helps to investigate the sprawling and complex connections and interactions that take place on Twitter. For example, it allows lookups based on accounts that follow each other, friends in common, and conversations between users. It also facilitates the download of follower lists and full user timelines. This has been used by journalists to further verify someone is who they claim to be, as well as to uncover misinformation networks. Maltego Maltego is a full suite of OSINT tools designed to help law enforcement agencies and cybersecurity professionals gather information. It’s particularly strong on finding links between individuals. Maltego uses a selection of modules known as “transforms”. Of particular interest to those involved in social media forensics is Social Links (also available for intelligence analysis platform, i2). Social Links not only finds links between social media accounts, but it also looks for connections on blockchain networks and on the dark web. Cellebrite Cellebrite provides a range of tools aimed at law enforcement, such as those intended for deep-level forensic investigation. 9
This can include gaining file-system level access to mobile devices in order to access data artifacts left behind by social media apps. The brand’s Digital Intelligence Solution Suite is well worth a look into by those who need to analyze and investigate people online. They also provide a series of courses to help people make the most of the functionality. Parting Thoughts As you can see, the social media forensics tools here run the full gamut – from open source command line tools to commercial products. Some of the latter are only marketed to law enforcement agencies – which is understandable given how they could be used in the wrong hands. It’s also important to point out that those seeking to use social media forensics for legitimate purposes should still be aware that some methods could create legal troubles, depending on the locale of both researcher and investigation subject. It could well prove possible to access data that cannot be used without falling foul of GDPR or other data protection legislation. On the open-source side, it’s worth noting that some tools may cease to work over time. Social networks have been known to patch areas that are being exploited as ways that allow bulk export of “their” data. Methods have always adapted over time, and will continue to do so. About the Authors Gergo Varga - has been fighting online fraud since 2009 at various companies – even co-founding his own anti-fraud startup. He's the author of the Fraud Prevention Guide for Dummies – SEON Special edition. He currently works as the Senior Content Manager / Evangelist at SEON, using his industry knowledge to keep marketing sharp, communicating between the different departments to understand what's happening on the frontlines of fraud detection. He lives in Budapest, Hungary, and is an avid reader of philosophy and history. 10
Search
Read the Text Version
- 1 - 10
Pages:
