This document outlines the design and evaluation of a tool called Social Snapshots for gathering information from online social networks. It includes sections on the brief background of social networks and challenges with existing data collection methods, the design of Social Snapshots which takes a hybrid approach using a third-party application and crawling, results from evaluating Social Snapshots on Facebook including runtime and types of data fetched, and challenges encountered in the evaluation.
1. Outline Brief background Design Results and Evaluation Concluding remarks References
Social Snapshots
Digital Forensics for Online Social Networks
Markus Huber∗† , Martin Mulazzani∗ , Manuel Leithner∗ ,
Sebastian Schrittwieser∗ , Gilbert Wondracek‡ , Edgar Weippl∗
*SBA Research
† Vienna PhD school of informatics
‡ Vienna University of Technology
ACSAC 2011, Orlando (FL)
Markus Huber SBA Research, mhuber@sba-research.org
1/23 Social Snapshots: Digital Forensics for Online Social Networks
1 Brief background
    Social Snapshots
2 Design
    Authentication
    Modules
3 Results and Evaluation
    Evaluation
    Results: information gathering
4 Concluding remarks
Brief Background
Online Social Networks (OSNs)
Currently the largest and fastest-growing web services
Personal data of hundreds of millions of people
Facebook, LinkedIn, XING, etc.
1 Replace traditional means of digital storage, sharing, and communication
Need for novel digital forensics data collection methods
2 Research on OSN security issues
Empirical studies [1, 2, 4, 3, 5] depend on initial data gathering
State-of-the-art information gathering methods
Extraction of sensitive information poses a non-trivial challenge
Simple web crawlers (libwww etc.)
Number of shortcomings
1 High network traffic
2 Additional or hidden data
3 Maintainability
Social Snapshots
Main contributions
Novel techniques to gather OSNs data
Hybrid approach: Third-party application + crawling
Social Snapshot prototype for Facebook
Core framework released as open-source software
First experimental evaluation
Based on Facebook
Design
Design goals
Simulate average user
Limit network-traffic, gathering-duration
Standard Web Browser
Collection of meta-data
Rely on rich data available through APIs
Open-source software (OSS)
Social Snapshot Framework
[Figure: framework diagram]
Components: social snapshot client, automated web browser, third-party application, social network service cloud, web server, social data pool
Numbered flows in the diagram:
1. Authentication (credentials / cookie)
2. Shared secret
3. Contact list
4. Session secret
5. Crawler data
6. API requests
7. Social data
Authentication
How to gather the initial authentication token
Consent
Easiest case, preferred method for research
Hijack social networking sessions
WiFi, LAN
Extraction from forensic image
Stored authentication cookies from seized hard-drives
Modules
Social Snapshot Framework modules
Social snapshot client
Automated web browser
Third-party social snapshot application
Hijack
Digital image forensics
Analysis
Results and Evaluation
Evaluation
Evaluation based on Facebook
At the time of writing: largest online social network
Support for third-party applications
Graph API enables access to the great majority of account content

Element               Download       Social snapshot
Contact details       −              ✓ Crawler
News feed             −              ✓ Graph API
Checkins              −              ✓ Graph API
Photo Tags            −              ✓ Graph API
Video Tags            −              ✓ Graph API
Friends               name only(a)   ✓ Graph API
Likes                 name only(a)   ✓ Graph API
Movies                name only(a)   ✓ Graph API
Music                 name only(a)   ✓ Graph API
Books                 name only(a)   ✓ Graph API
Groups                name only(a)   ✓ Graph API
Profile feed (Wall)   limited(b)     ✓ Graph API
Photo Albums          limited(b)     ✓ Graph API
Video Uploads         limited(b)     ✓ Graph API
Messages              limited(b)     ✓ Graph API
Evaluation
Graph API Result example
{"id": "12345678", "name": "John Doe",
 "first_name": "John", "last_name": "Doe",
 "link": "http://www.facebook.com/johndoe",
 "username": "johndoe", "birthday": "04/01/1975",
 "hometown": {"id": "", "name": null},
 "quotes": "social snapshot your account!.\n",
 "gender": "male", "email": "johndoe@example.com",
 "timezone": 2, "locale": "en_US", "verified": true,
 "updated_time": "2011-05-15T13:05:19+0000"}
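
Added example (not from the slides or the Social Snapshots code base): the following Python turns fetched elements carrying timestamps in the format of the Graph API result above into a time-ordered event list, keeping elements without a usable timestamp in a separate list. The sample records, the "type" and "created_time" field names and the UTC-5 display zone are assumptions made for illustration.

```python
import json
from datetime import datetime, timedelta, timezone

# Timestamp layout used in the Graph API result above, e.g. 2011-05-15T13:05:19+0000
GRAPH_TIME_FORMAT = "%Y-%m-%dT%H:%M:%S%z"

# Constructed sample records (not real account data). "type" and "created_time"
# are assumed field names; "updated_time" is the field shown in the slide.
SAMPLE_ELEMENTS = """[
  {"id": "12345678", "name": "John Doe", "updated_time": "2011-05-15T13:05:19+0000"},
  {"id": "77777777", "type": "message", "created_time": "2011-01-13T17:32:50+0000"},
  {"id": "11111111", "type": "photo", "created_time": "2011-01-13T12:44:50+0000"},
  {"id": "00000000", "type": "wall_post", "created_time": null}
]"""


def build_timeline(raw_json, display_tz=timezone(timedelta(hours=-5))):
    """Return (timeline, undated_ids) for a JSON array of fetched elements.

    Events are ordered on their UTC instant and rendered in display_tz so the
    examiner sees local wall-clock time with an explicit offset.
    """
    dated, undated = [], []
    for element in json.loads(raw_json):
        stamp = element.get("created_time") or element.get("updated_time")
        try:
            when = datetime.strptime(stamp, GRAPH_TIME_FORMAT)
        except (TypeError, ValueError):
            # Missing, null or malformed time: keep the element visible
            # instead of silently dropping it from the evidence set.
            undated.append(element.get("id"))
            continue
        dated.append((when.astimezone(timezone.utc), element.get("id"),
                      element.get("type", "profile")))
    dated.sort(key=lambda event: event[0])
    timeline = [
        (when.astimezone(display_tz).strftime("%Y-%m-%d %H:%M:%S %z"), ident, kind)
        for when, ident, kind in dated
    ]
    return timeline, undated


if __name__ == "__main__":
    events, missing = build_timeline(SAMPLE_ELEMENTS)
    for row in events:
        print(*row)
    print("undated element ids:", missing)
```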
Evaluation
Challenges
Hijack module
No direct support to set cookies in Selenium (patch for server)
Graph API SDK
Too slow (modified original lib)
Crawling of contact details
List of friends (via API)
Plaintext emails replaced with images (image generation script)
Emails get removed completely (address.yahoo.com)
Recruiting test subjects
Challenging (25 test subjects)
Results: information gathering
Run-Time
Third-party application 12.79 min on average
Crawler 14 min on average
Fetched elements
Third-party required 9802 API requests on average
Crawler processed 238 friend profiles on average
After 162 plaintext email addresses we had to solve 85 email addresses with OCR
Results: information gathering
Video/demo.avi
Results: information gathering
[Figure: example timeline (UTC-5, 1/13/2011 12:00 AM to 1/14/2011 12:00 AM) of account activity for several users, with events such as uploaded digital picture, private message, wall post, like, comment and posted video, each labelled with element ID, privacy setting and time of day]
Results: information gathering
[Figure: visualization labelled with contact names; image not preserved]
Results: information gathering
[Figure: visualization linking contact names with timestamps and short topic labels (e.g. "os question", "ssl broken", "fb forensics"); image not preserved]
Concluding remarks
Social Snapshot tool extracts Facebook data in less than 15 minutes
Malicious social snapshots
FiTM attacks[3]
Privacy surveys
Data liberation
Thank you for your time!
Questions?
mhuber@sba-research.org
http://socialsnapshot.nysos.net
Participate in our survey and get your social snapshot:
http://is.gd/snapshotsurvey
References
[1] L. Bilge, T. Strufe, D. Balzarotti, and E. Kirda. All your contacts are belong to us: automated identity theft attacks on social networks. In Proceedings of the 18th international conference on World wide web, pages 551–560. ACM, 2009.
[2] H. Gao, J. Hu, C. Wilson, Z. Li, Y. Chen, and B. Zhao. Detecting and characterizing social spam campaigns. In Proceedings of the 10th annual conference on Internet measurement, pages 35–47. ACM, 2010.
[3] M. Huber, M. Mulazzani, E. Weippl, G. Kitzler, and S. Goluch. Friend-in-the-middle attacks: Exploiting social networking sites for spam. Internet Computing, 2011.
[4] T. Jagatic, N. Johnson, M. Jakobsson, and F. Menczer. Social phishing. Communications of the ACM, 50(10):94–100, 2007.
[5] G. Wondracek, T. Holz, E. Kirda, and C. Kruegel. A Practical Attack to De-Anonymize Social Network Users. In Proceedings of the IEEE Symposium on Security and Privacy, 2010.