If anyone could provide a good case study on investigating social networks that would be great.
For example, investigating someone who is suspected of causing online harassment/abuse/stalking etc. by using Facebook and other sites to cause harm to their victim.
Even a basic step-by-step guideline would be very useful.
If you were asked to analyze the system of someone suspected of "cyberbullying" or stalking, I would think that the approach would be something like:
1. Get as much information as you can about the activities…user accounts, screen names, etc., of both the suspect and the target. Also look for specific unique words or phrases the suspect may have used. You can also use these to perform Google searches to look for any other possible accounts or screen names.
2. Determine which browser(s) were used, and retrieve and analyze the history and cache.
3. Perform an examination of unallocated space, the pagefile, or any hibernation files to look for indications of activity. This is where EnCase's Search Preview capability is very useful…I've written my own versions of this using Perl, as the technique itself is valuable.
4. Look for indications of smart phone backup files on the system as a secondary source of data.
HTH
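As an added illustration of steps 1 and 3 above (this is example code written for this thread, not keydet89's Perl scripts and not EnCase's Search Preview), here is a small Python keyword-hit lister. It takes the screen names and distinctive phrases gathered in step 1 and scans a blob of raw bytes, such as a pagefile, a hibernation file or a carved extent of unallocated space, for each of them in both ASCII and UTF-16LE (the encoding Windows keeps strings in, so it is what usually turns up in pagefile.sys and hiberfil.sys), reporting every hit with its offset, encoding and surrounding context. The sample blob, the screen name darkwolf_77 and the phrase are constructed for the example and do not come from any real case.

```python
import re
from dataclasses import dataclass

# Encodings worth searching on a Windows system: plain ASCII (web forms, logs,
# raw HTTP) and UTF-16LE (how Windows holds strings in memory, so it is what
# usually lands in pagefile.sys and hiberfil.sys).
ENCODINGS = ("ascii", "utf-16-le")


@dataclass
class Hit:
    term: str       # the screen name or phrase that matched
    encoding: str   # which encoding of the term matched
    offset: int     # byte offset of the hit in the scanned data
    context: str    # printable text surrounding the hit


def build_patterns(terms):
    """Compile one case-insensitive byte regex per (term, encoding) pair.
    IGNORECASE on a bytes pattern folds ASCII letters only, which is exactly
    what is wanted for screen names typed with inconsistent capitalisation."""
    patterns = []
    for term in terms:
        for enc in ENCODINGS:
            pat = re.compile(re.escape(term.encode(enc)), re.IGNORECASE)
            patterns.append((term, enc, pat))
    return patterns


def scan(data: bytes, terms, window: int = 24):
    """Return every hit for every term, sorted by offset, with `window` bytes
    of context on each side rendered as printable text."""
    hits = []
    for term, enc, pat in build_patterns(terms):
        for m in pat.finditer(data):
            start = max(0, m.start() - window)
            # UTF-16 context must start on the same byte parity as the hit,
            # otherwise every code unit decodes one byte off.
            if enc == "utf-16-le" and (m.start() - start) % 2:
                start += 1
            end = min(len(data), m.end() + window)
            raw = data[start:end]
            text = raw.decode("latin-1" if enc == "ascii" else enc, errors="replace")
            text = "".join(c if c.isprintable() else "." for c in text)
            hits.append(Hit(term, enc, m.start(), text))
    hits.sort(key=lambda h: h.offset)
    return hits


def hit_counts(hits):
    """Tally hits per (term, encoding); a term seen only as UTF-16 is a hint
    that it came from application memory rather than from a saved file."""
    counts = {}
    for h in hits:
        key = (h.term, h.encoding)
        counts[key] = counts.get(key, 0) + 1
    return counts


# --- constructed sample data (not from any real case) -----------------------
# Stands in for a chunk of pagefile / unallocated space: an ASCII mail header
# fragment, then a UTF-16LE window-title fragment, surrounded by junk bytes.
TERMS = ["darkwolf_77", "you can't hide from me"]
SAMPLE = (
    b"\x00" * 40
    + b"From: darkwolf_77 Subject: re: you can't hide from me\x00"
    + "Message to DarkWolf_77 sent".encode("utf-16-le")
    + bytes(range(256))
    + b"\x00" * 20
)

if __name__ == "__main__":
    for h in scan(SAMPLE, TERMS):
        print(f"{h.offset:#010x} {h.encoding:<9} {h.term!r}: {h.context}")
    print(hit_counts(scan(SAMPLE, TERMS)))
```

On a real image you would feed this the bytes of the pagefile, hiberfil.sys or an exported unallocated extent (reading in chunks or via mmap rather than loading the whole file as here). Keep in mind that hits from these sources carry no timestamp of their own, so each one still needs to be tied back to the browser history and cache from step 2 before it says anything about who did what, and when.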
In general, I like to learn work flow, methodology, and thought pattern, not necessarily the nitty gritty of the technical details.
What step must be done prior to an other step?
Why go down one path of analysis, but ignore or abandon an other?
What tools were used with a problem?
I am not really interested in reading about the basics of how to image, chain of custody, write blocking, carving, etc.: the banal, the push-button, the "you should know this already" material.
Following on from an earlier discussion, I'd like to revisit the idea of "case studies".
What would people find useful in a case study, e.g. what subject areas would we like to see covered, what level of expertise, what format should it take etc.?
If I can gain a better understanding of what people are looking for I may be able to facilitate something in future.
Please let me know your thoughts, thank you.
Jamie
jhup,
Do you have an example you can share, or refer to?
Hmmm. I am corporate FI so all my work is tied to my firm, therefore all the cases are intertwined with the quirkiness of this specific corporate culture…
I may be able to talk about scenarios where I got stuck, and how root cause analysis prompted security to implement something to prevent the same scenario in the future...?
Hmmm. I am corporate FI so all my work is tied to my firm, therefore all the cases are intertwined with the quirkiness of this specific corporate culture…
While I understand your position, I think that is also the reason why there aren't more "case studies" available…not only can some folks not provide them for reasons similar to the above, but others may not provide them b/c doing so would be feeding into a black hole.
I think most of the time we post useful responses, they are "black hole" scenarios.
Yet, we still do.
Even for Jesus only one out of ten returned to be thankful.
JLJR,
I was wondering if you'd had a chance to look at the below…I had posted it in response to your request, "If anyone could provide a good case study on investigating social networks that would be great."
Thoughts?
If you were asked to analyze the system of someone suspected of "cyberbullying" or stalking, I would think that the approach would be something like:
1. Get as much information as you can about the activities…user accounts, screen names, etc., of both the suspect and the target. Also look for specific unique words or phrases the suspect may have used. You can also use these to perform Google searches to look for any other possible accounts or screen names.
2. Determine which browser(s) were used, and retrieve and analyze the history and cache.
3. Perform an examination of unallocated space, the pagefile, or any hibernation files to look for indications of activity. This is where EnCase's Search Preview capability is very useful…I've written my own versions of this using Perl, as the technique itself is valuable.
4. Look for indications of smart phone backup files on the system as a secondary source of data.
HTH
keydet89,
Yes I did, and it was just what I was looking for, so thanks a lot for that.
Tried looking online, but there doesn't seem to be much info available out there about forensics and social networks, or when I found some it wasn't very detailed, so your reply was much appreciated.
Thanks again
I posted a short case study to the Win4n6 Yahoo group last night, and wanted to share this excellent case study written by Andrew Case
http//