Social Forensics: Searching for Needles in Digital Haystacks

Abstract

The use of online social networks and other digital communication services has become a prevalent activity of everyday life. As such, users' social footprints contain a massive amount of data, including exchanged messages, location information and photographic coverage of events. While digital forensics has been evolving for several years with a focus on recovering and investigating data from digital devices, social forensics is a relatively new field. Nonetheless, law enforcement agencies have realized the significance of employing online user data for solving criminal investigations. However, collecting and analyzing massive amounts of data scattered across multiple services is a challenging task. In this paper, we present our modular framework designed for assisting forensic investigators in all aspects of these procedures. The data collection modules extract the data from a user's social network profiles and communication services, by taking advantage of stored credentials and session cookies. Next, the correlation modules employ various techniques for mapping user profiles from different services to the same user. The visualization component, specifically designed for handling data representing activities and interactions in online social networks, provides dynamic "viewpoints" of varying granularity for analyzing data and identifying important pieces of information. We conduct a case study to demonstrate the effectiveness of our system and find that our automated correlation process achieves significant coverage of users across services.