Abstract
The growth in the popularity of microblogging and online social network (OSN) websites such as Facebook, Twitter, Tumblr, Pinterest, etc. in this modern age progresses relentlessly. Accompanying this growth in popularity is the increase in the use of these websites by individuals, companies, and even industries at large. Aside from social networking, microblogging and OSN websites have been exploited by many profitable companies as a medium for advertisement of their products, information dissemination and building connections. This increasing usage for various purposes has also opened doors to a wide range of criminal and malicious acts. This chapter studies two particular microblogging sites, Pinterest and Tumblr, both of which have gained great popularity today. Specifically, we seek to contribute to the forensics field by finding the artifacts associated with these websites that would be of interest should the need arise, as in criminal and civil cases, by replicating the actions of a standard user while using these sites in the Internet Explorer, Firefox and Chrome Browsers, and then, analyzing this self-created evidence to find such artifacts. Also, the paper exposes and exploits most of the top forensic tools employed today in the investigation of cyber-criminal cases, while making use of forensically sound methodologies in our analysis.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
References
Dardick, G.S., La Roche, C.R., Flanigan, M.A.: Blogs: anti-forensics and counter anti-forensics (2007)
Zainudin, N.M., Merabti, M., Llewellyn-Jones, D.: Online social networks as supporting evidence: A digital forensic investigation model and its application design. In: 2011 International Conference on Research and Innovation in Information Systems, pp. 1–6 (2011)
Taylor, M., et al.: Forensic investigation of social networking applications. Netw. Secur. 11(2014), 9–16 (2014)
Zainudin, N.M., Merabti, M., Llewellyn-Jones D.: A digital forensic investigation model for online social networking. In: Proceedings of the 11th Annual Conference on the Convergence of Telecommunications, Networking and Broadcasting, Liverpool (2010)
Mulazzani, M., Huber, M., Weippl, E.: Social network forensics: tapping the data pool of social networks. https://www.semanticscholar.org/paper/Social-Network-Forensics-Tapping-the-Data-Pool-of-Mulazzani-Huber/3bc38655af392e1489eeeeab9a7a2fa8a45c5edb. Accessed 13 Sep 2017
Oh, J., Lee, S., Lee, S.: Advanced evidence collection and analysis of web browser activity. Digit. Investig. 8(Supplement), S62–S70 (2011). ISSN 1742-2876, https://doi.org/10.1016/j.diin.2011.05.008, http://www.sciencedirect.com/science/article/pii/S1742287611000326
Pereira, M.T.: Forensic analysis of the Firefox 3 Internet history and recovery of deleted SQLite records. Digit. Investig. 5(3–4), 93–103 (2009). ISSN 1742-2876, https://doi.org/10.1016/j.diin.2009.01.003, http://www.sciencedirect.com/science/article/pii/S1742287609000048
Rahman, S., Khan, M.N.A.: Digital forensics through application behavior analysis. Int. J. Mod. Educ. Comput. Sci. 8(6), 50 (2016)
Seigfried-Sellar, K., Leshney, S.: The intersection between social media, crime, and digital forensics: #WhoDunIt?. ResearchGate. https://www.researchgate.net/publication/301266641_The_intersection_between_social_media_crime_and_digital_forensics_WhoDunIt. Accessed 13 Sep 2017
Rathod, D.M.: Web browser forensics: Google Chrome. Int. J. Adv. Res. Comput. Sci. 8(7). https://login.libweb.lib.utsa.edu/login?url=https://search-proquest-com.libweb.lib.utsa.edu/docview/1931129713?accountid=7122 (2017)
Jones, K.J.: Forensic analysis of internet explorer activity files. Forensic Analysis of Microsoft Windows Recycle Bin Records (2003)
Ohana, D.J., Shashidhar, N.: Do private and portable web browsers leave incriminating evidence?: A forensic analysis of residual artifacts from private and portable web browsing sessions. EURASIP J. Inf. Secur. 2013, 1–13 (2013). http://dx.doi.org.libweb.lib.utsa.edu/10.1186/1687-417X-2013-6
Akbal, E., Günes, F., Akbal, A.: Digital forensic analyses of web browser records. JSW 11(7), 631–637 (2016)
Said, H., et al.: Forensic analysis of private browsing artifacts. In: International conference on Innovations in information technology (IIT). IEEE (2011)
Jang, Y.-J., Kwak, J.: Digital forensics investigation methodology applicable for social network services. Multimed. Tools Appl. 74(14), 5029–5040 (2015)
Yang, T.Y., et al.: Windows instant messaging app forensics: Facebook and Skype as case studies. PloS One 11(3), e0150300 (2016)
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Appendix
Appendix
-
A.
Firefox
See Fig. 2.
Decrypted user id and password using PRTK
-
1.
Thumbnail image:
Firefox_Image.001/Partition 1/NONAME [NTFS]/[root]/Users/FTKuser/AppData/Local/Mozilla/Firefox/Profiles/7dl333s7.default/thumbnails/ (Fig. 3)
Fig. 3 
c700fa12be0b1c01e6a3204dd2813351
-
2.
Internet Explorer browsing history
Firefox_Image.001/Partition 1/NONAME [NTFS]/[root]/Users/FTKuser/AppData/Local/Microsoft/Windows/WebCache/WebCacheV01.dat (Fig. 4)
Fig. 4 
Internet explorer browsing history
-
3.
Message
Firefox_Image.001/Partition 1/NONAME [NTFS]/[root]/Users/FTKuser/AppData/Local/Mozilla/Firefox/Profiles/7dl333s7.default/cache2/entries/029694E1538C52F75B77EC6421D9BA499EA96EC1 (Fig. 5)
Fig. 5 
Message viewed in Pinterest window
-
4.
Post
Firefox_Image.001/Partition 1/NONAME [NTFS]/[root]/Users/FTKuser/AppData/Local/Mozilla/Firefox/Profiles/7dl333s7.default/cache2/entries/053A41D688D6C8B724ADD72985727A7AE1DB8F27 (Fig. 6)
Fig. 6 
The dashboard and image viewed in Pinterest
Tumblr
-
1.
Message in slack space
Firefox_Image.001/Partition 1/NONAME [NTFS]/[root]/Users/FTKuser/AppData/Local/Mozilla/Firefox/Profiles/7dl333s7.default/cache2/entries/279D49DC5C992B42071D77837CDE35C996FDF7E7.FileSlack (Figs. 7 and 8)
Fig. 7 
Recovered message
Fig. 8 
The link represents the above message image
-
2.
Message in slack space
Firefox_Image.001/Partition 1/NONAME [NTFS]/[root]/Users/FTKuser/AppData/Local/Mozilla/Firefox/Profiles/7dl333s7.default/cache2/entries/949CEE42F38DBAFB3222459A98961DFA95C0DD64.FileSlack (Fig. 9)
Fig. 9 
Recovered message showing recipient and type of message
-
3.
Post found in Thumbnail
Firefox_Image.001/Partition 1/NONAME [NTFS]/[root]/Users/FTKuser/AppData/Local/Mozilla/Firefox/Profiles/7dl333s7.default/thumbnails/ (Fig. 10)
Fig. 10 
Thumbnail image of a GIF post made by the user
-
4.
Internet Explorer browsing history
Firefox_Image.001/Partition 1/NONAME [NTFS]/[root]/Users/FTKuser/AppData/Local/Microsoft/Windows/WebCache/WebCacheV01.dat
-
5.
Message
Firefox_Image.001/Partition 1/NONAME [NTFS]/[root]/Users/FTKuser/AppData/Local/Mozilla/Firefox/Profiles/7dl333s7.default/cache2/entries/03473A9DF7E05409BC7F67FD1C6C8477435C06AB (Fig. 11)
Fig. 11 
Gif received viewed in Tumblr
-
6.
Message
Firefox_Image.001/Partition 1/NONAME [NTFS]/[root]/Users/FTKuser/AppData/Local/Mozilla/Firefox/Profiles/7dl333s7.default/cache2/entries/0376B0645F3BF3A74095EBC44C659856500BB5FF (Fig. 12)
Fig. 12 
Image sent viewed in Tumblr
-
7.
Post
Firefox_Image.001/Partition 1/NONAME [NTFS]/[root]/Users/FTKuser/AppData/Local/Mozilla/Firefox/Profiles/7dl333s7.default/cache2/entries/583FB6BDAAA44ACCF5775062FB6694BE19AFED60/Untitled0 (Fig. 13)
Fig. 13 
Image link of the post recovered
-
8.
Video posted
Firefox_Image.001/Partition 1/NONAME [NTFS]/[root]/Users/FTKuser/AppData/Local/Mozilla/Firefox/Profiles/7dl333s7.default/cache2/entries/71B0F5E3B256692F1E83B83FABCEF3A1F16F08A6 (Fig. 14)
Fig. 14 
Video posted viewed in Tumblr
-
9.
Gif posted
Firefox_Image.001/Partition 1/NONAME [NTFS]/[root]/Users/FTKuser/AppData/Local/Mozilla/Firefox/Profiles/7dl333s7.default/cache2/entries/06A5E2C2FC12CB1223EDE45154ABC0ED00B72A36 (Fig. 15)
Fig. 15 
Gif posted viewed in Tumblr
-
10.
Messages showing participants
Firefox_Image.001/Partition 1/NONAME[NTFS]/[root]/Users/FTKuser/AppData/Local/Mozilla/Firefox/Profiles/7dl333s7.default/cache2/entries/
Figures 16 and 17 shows the participants of a chat and the time they were created matched the time in the evidence creation process logs.
Fig. 16 
Shows message participants
Fig. 17 
Shows message participants
-
B.
Screenshots of IE v11 Artifacts found as shown in AccessData FTK
-
C.
Google Chrome Analysis Screenshots
-
1.
Pinterest Log-in Credentials
-
2.
Tumblr Log-in Credentials
-
3.
Contents of Downloads Folder
4. Location of Google Chrome History Folder
Rights and permissions
Copyright information
© 2020 Springer Nature Switzerland AG
About this chapter
Cite this chapter
McFadden, B., Balasubramani, E., Miebaka, W.E. (2020). Forensic Analysis of Microblogging Sites Using Pinterest and Tumblr as Case Study. In: Zhang, X., Choo, KK. (eds) Digital Forensic Education. Studies in Big Data, vol 61. Springer, Cham. https://doi.org/10.1007/978-3-030-23547-5_13
Download citation
DOI: https://doi.org/10.1007/978-3-030-23547-5_13
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-23546-8
Online ISBN: 978-3-030-23547-5
eBook Packages: Intelligent Technologies and RoboticsIntelligent Technologies and Robotics (R0)