±Partners and Sponsors

±Your Account


Nickname
Password


Forgotten password/username?


Membership:
New Today: 5
New Yesterday: 12
Overall: 26994
Visitors: 86

±Follow Forensic Focus

Join our LinkedIn group

Subscribe to news

Subscribe to forums

Subscribe to blog

Subscribe to tweets

Social media forensic collections

Computer forensics discussion. Please ensure that your post is not better suited to one of the forums below (if it is, please post it there instead!)
Reply to topicReply to topic Printer Friendly Page
Forum FAQSearchView unanswered posts
Go to page 1, 2  Next 
  

Social media forensic collections

Post Posted: Sun May 18, 2014 3:30 am

I'd like to ask what tools/ methodologies people are using for admissible collection of data from social media services when you have possession of the subject's log in credentials.

Any feedback most appreciated.
_________________
Forensic Control
twitter.com/ForensicControl 

Jonathan
Senior Member
 
 
  

Re: Social media forensic collections

Post Posted: Sun May 18, 2014 1:01 pm

AFENTIS had a tool that was available on this website. The link was:-

www.forensicfocus.com/...s/lid=161/

I have not used it myself but it may give you what you need.
_________________
There is nothing either good or bad, but thinking makes it so. 

ludlowboy
Senior Member
 
 
  

Re: Social media forensic collections

Post Posted: Sun May 18, 2014 3:00 pm

- Jonathan
I'd like to ask what tools/ methodologies people are using for admissible collection of data from social media services when you have possession of the subject's log in credentials.

Any feedback most appreciated.


Hello Jonathan,

Option 1 - Image the subject's digital devices and run IEF (Internet Evidence Finder).

Option 2 - Use preservation and search warrant and request social media services to release the required data and this should include any deleted or amended data.

Option 3 - Use the settings options available in social media services, such as facebook for example and ask the subject to download data.

More options might be available as well depending on circumstances and case, and the type of data that is actually required and its importance in connecting it to the case.


BH.  

BRAVEHEART
Member
 
 
  

Re: Social media forensic collections

Post Posted: Sun May 18, 2014 3:54 pm

An article by Attorney Benjamin Wright who teaches at SANS . . . .

www.forensicmag.com/ar...estigators  

BRAVEHEART
Member
 
 
  

Re: Social media forensic collections

Post Posted: Mon May 19, 2014 2:22 am

Thank you ludlowboy and Braveheart - your option 3 appears to be the a reasonable method.

Jonathan
_________________
Forensic Control
twitter.com/ForensicControl 

Jonathan
Senior Member
 
 
  

Re: Social media forensic collections

Post Posted: Mon May 19, 2014 10:47 am

- Jonathan
Thank you ludlowboy and Braveheart - your option 3 appears to be the a reasonable method.


If you are going that route, I'd suggest that you either ask the subject to give you the download link or observe them downloading it and then preserve the archive immediately. For most of the popular services (e.g. Facebook & Twitter), the download is a zip archive containing files most people would be able to tamper with if they wanted to before re-zipping and providing them to you.

Another option for credentialed access is X1 Social Discovery. At $1499, it's not cheap, but it works well.

Cheers,
Lars  

Last edited by lars on Tue May 20, 2014 10:42 am; edited 1 time in total

lars
Member
 
 
  

Re: Social media forensic collections

Post Posted: Tue May 20, 2014 10:09 am

Thanks Lars, good points.

X1 Social Discovery looks good, will have a play with the trial version.
_________________
Forensic Control
twitter.com/ForensicControl 

Jonathan
Senior Member
 
 
Reply to topicReply to topic

Share this forum topic to encourage more replies



Page 1 of 2
Go to page 1, 2  Next