Low Sexy Call Girls In Mohali 9053900678 🥵Have Save And Good Place 🥵
OSINT Social Media Techniques - Macau social mediat lc
1. Emerging
Inves,ga,ve
Techniques:
Big
Data
and
Social
Networks
(OSINT)
and
Mobile
Surveillance
Giuseppe Vaciago
Seminar on Cybercrime and Digital Forensics
April 8-12th 2014
EU-Macao Co-operation Programme in the Legal Field
(2010-2013)
2. 1. Introduc,on
q IP
Address
and
DNS
q
Online
Sources
of
Informa6on
2. Big
Data
and
Social
Network
(OSINT)
and
mobile
surveillance
q Big
Data
Defini6on
q Detec6ng
and
Seizing
Illegal
Contents
q Valida6ng
Digital
Evidence
q Chain
of
Custody
aBer
Seizure
q Analysis
of
Digital
Evidence
q Repor6ng
of
Digital
Evidence
Findings
3. Emerging
Inves,ga,ve
Techniques
q Iden6fy
the
Suspect
–
Fake
Profile
q Evidence
from
SNS
Agenda
Macau,
April
8-‐12,
2013
-‐
Seminar
on
Cybercrime
and
Digital
Forensics
3. What
is
Digital
Electronic/Evidence?
The
Opte
Project
creates
visualiza/ons
of
the
14
billion
pages
that
make
up
the
network
of
the
web.
Hungarian
physicist
Albert-‐
László
discovered,
from
every
single
one
of
these
pages
you
can
navigate
to
any
other
in
19
clicks
or
less
4. An
IP
address
is
a
numerical
iden/fica/on
code
assigned
to
each
and
every
device
connected
to
a
network,
comparable
to
a
street
address
or
a
telephone
number.
Given
a
specific
IP
address
and
the
exact
,me
the
net
connec/on
was
established,
an
ISP
can
trace
the
personal
data
of
the
person
who
signed
the
related
connec,vity
service
contract.
IP
Address
could
be
Sta,c
(IP
Address
doesn’t
change)
or
Dynamic
(IP
Address
shared
with
several
other
customers
of
the
same
ISP)
IP
Address
Macau,
April
8-‐12,
2013
-‐
Seminar
on
Cybercrime
and
Digital
Forensics
5. The
Internet
Assigned
Numbers
Authority
(IANA)
regulates
these
IP
addresses.
through
regional
en//es
located
around
the
world
(RIPE
-‐
Europe
and
some
parts
of
Asia;
APNIC
-‐
Asia,
and
the
Pacific
Region;
ARIN
-‐
North
America;
LACNIC
-‐
La/n
America
and
the
Caribbean;
AfriNIC
–
Africa.
Macau,
April
8-‐12,
2013
-‐
Seminar
on
Cybercrime
and
Digital
Forensics
IP
Address:
IANA
6. IP
Address:
IPv6
Macau,
April
8-‐12,
2013
-‐
Seminar
on
Cybercrime
and
Digital
Forensics
IPv6
supports
globally
unique
sta/c
IP
addresses,
which
can
be
used
to
track
a
single
device's
Internet
ac,vity.
Most
devices
are
used
by
a
single
user,
so
a
device's
ac/vity
is
oSen
assumed
to
be
equivalent
to
a
user's
ac/vity.
This
causes
privacy
concerns
in
the
same
way
that
cookies
can
also
track
a
user's
naviga/on
through
sites.
7. Domain
Name
System
(DNS)
Macau,
April
8-‐12,
2013
-‐
Seminar
on
Cybercrime
and
Digital
Forensics
The
Domain
Name
System
(DNS)
is
a
distributed
system
that
acts
like
a
large
phone
book,
and
keeps
track
about
which
IP
address
(or
addresses)
is
assigned
to
which
“name”,
and
vice
versa.
Apart
from
the
official
channels
to
query
DNS
records
and
resolve
DNS
to
IP
addresses
there
are
plenty
of
tools
and
websites
designed
to
automate
and
help
the
inves/gator
on
this
front:
• DnsStuff
(www.dnsstuff.com)
• DomainTools
(www.domaintools.com)
• CentralOps
(www.centralops.net)
8. Online
Sources
of
Informa,on:
Website
Macau,
April
8-‐12,
2013
-‐
Seminar
on
Cybercrime
and
Digital
Forensics
q The
first
piece
of
evidence
here
is
the
actual
“visible”
content
of
the
web
site.
q The
second
one
is
the
“invisible”
content
associated
to
these
sites.
Invisible
content
here
is
basically
the
source
code
used
to
create
the
web
page
(i.e
user/developer
comments
such
as
passwords,
iden/ty
or
loca/on
references
or
metadata
such
as
crea/on/last
modifica/on
date)
9. Macau,
April
8-‐12,
2013
-‐
Seminar
on
Cybercrime
and
Digital
Forensics
The
inves/gator
should
watch
for
on
Social
Networking
Sites:
□
User
ID:
it’s
a
valuable
piece
of
evidence
Online
Sources
of
Informa,on:
Social
Networking
Sites
10. Macau,
April
8-‐12,
2013
-‐
Seminar
on
Cybercrime
and
Digital
Forensics
Now
there
is
the
possibility
to
personalize
your
user
ID
(h^p://
namechk.com).
Online
Sources
of
Informa,on:
Social
Networking
Sites
11. Macau,
April
8-‐12,
2013
-‐
Seminar
on
Cybercrime
and
Digital
Forensics
□
Picture:
it’s
possible
to
obtain
important
metadata
even
if
the
post
important
SNS
clean
uploaded
user’s
photos
Online
Sources
of
Informa,on:
Social
Networking
Sites
□
Chat:
when
it
is
legally
possible,
chats
on
SNS
contain
fundamental
forma/on
for
the
inves/ga/on
12. Macau,
April
8-‐12,
2013
-‐
Seminar
on
Cybercrime
and
Digital
Forensics
WebMail
Sites
contains
the
following
informa/on
(most
of
the
/me
encrypted):
□
Chat
Subsystem
□
Voice
Subsystem
Online
Sources
of
Informa,on:
WebMail
Sites
13. Macau,
April
8-‐12,
2013
-‐
Seminar
on
Cybercrime
and
Digital
Forensics
Online
ads
(Google
Adwords/Adsense,
Facebook
Ads,
MicrosoS
Adver/sing,
AdBrite,
BidVer/ser)
are
one
of
those
sources
of
informa/on
that
could
be
used
to
a
follow
the
“money
trail”.
Online
Sources
of
Informa,on:
Ad-‐Networks
14. Macau,
April
8-‐12,
2013
-‐
Seminar
on
Cybercrime
and
Digital
Forensics
Amazon
has
S3,
Google
has
Google
Drive,
MicrosoS
has
Azure.
One
best-‐known
examples
here
is
DropBox,
which
internally
relies,
with
Amazon
S3.
This
will
be
the
future
of
the
storage
and
consequently
of
the
inves/ga/on.
The
2
main
obstacle
are
q Jurisdic,on
q Digital
Forensics
(the
admissibility
of
the
evidence
will
be
on
the
hand
of
the
Cloud
Provider)
Online
Sources
of
Informa,on:
Cloud
Storage
Services
15. Macau,
April
8-‐12,
2013
-‐
Seminar
on
Cybercrime
and
Digital
Forensics
The
key
concept
regarding
the
acquisi/on
of
evidence
on
files
being
shared
or
downloaded
through
most
P2P
networks
consists
on
simply
joining
the
P2P
network,
if
the
legal
system
admits
this
possibility.
If
logging
is
turned
on
for
this
client,
all
the
details
needed
will
be
obtained
(IP,
ports,
/mestamps,
opera/ons)
logged
straight
into
a
file
in
real-‐/me.
Online
Sources
of
Informa,on:
P2P
Network
16. Mash
UP
Macau,
April
8-‐12,
2013
-‐
Seminar
on
Cybercrime
and
Digital
Forensics
Mash
Up:
A
mash-‐up,
in
web
development,
is
a
web
page,
or
web
applica/on,
that
uses
and
combines
data,
presenta/on
or
func/onality
from
two
or
more
sources
to
create
new
services.
17. Tim
McCormick*
proposed
the
following
classifica/on
of
data:
1. Basic
Pure
Data
2. High
Value
Data
3. Transac/onal
4. High
Value
Transac/onal
data
Tim
McCormick,
“A
Web
Services
Taxonomy”
Big
Data
–
Defini,on
Macau,
April
8-‐12,
2013
-‐
Seminar
on
Cybercrime
and
Digital
Forensics
Big
Data
is
a
collec/on
of
data
sets
so
large
and
complex
that
it
becomes
difficult
to
process
using
tradi/onal
data
processing
applica/ons
18. Macau,
April
8-‐12,
2013
-‐
Seminar
on
Cybercrime
and
Digital
Forensics
Big
Data
Defini,on
Social
media
is
transforming
society.
We
are
transferring
more
and
more
of
our
lives
onto
vast
digital
social
commons.
The
emergence
of
these
increasingly
significant
public
spaces
poses
a
dilemma
for
government.
(#Intelligence
–
Demos
Research
–
2012)
19. Big
Data
–
SOCMINT
(Social
Media
Intelligence)
Macau,
April
8-‐12,
2013
-‐
Seminar
on
Cybercrime
and
Digital
Forensics
Social
media
is
an
extremely
important
class
of
Big
Data,
and
are
increasingly
subject
to
collec/on
and
analysis.
Measuring
and
understanding
the
visage
of
millions
of
people
digitally
arguing,
talking,
joking,
condemning
and
applauding
is
of
wide
and
tremendous
value.
20. SOCMINT
–
Direct
contact
to
the
Public
Macau,
April
8-‐12,
2013
-‐
Seminar
on
Cybercrime
and
Digital
Forensics
21. SOCMINT
–
Future
Crime
Predic,on
Macau,
April
8-‐12,
2013
-‐
Seminar
on
Cybercrime
and
Digital
Forensics
22. Macau,
April
8-‐12,
2013
-‐
Seminar
on
Cybercrime
and
Digital
Forensics
SOCMINT
–
Future
Crime
Predic,on
-‐
PredPol
23. SOCMINT
–
Future
Crime
Predic,on
-‐
August
2011
and
London’s
Riot
Macau,
April
8-‐12,
2013
-‐
Seminar
on
Cybercrime
and
Digital
Forensics
24. SOCMINT
–
Surveillance
Macau,
April
8-‐12,
2013
-‐
Seminar
on
Cybercrime
and
Digital
Forensics
25. Macau,
April
8-‐12,
2013
-‐
Seminar
on
Cybercrime
and
Digital
Forensics
Adap,ve
Grooming
Policy
(Network
Algorithm)
Facebook
admi^ed
to
monitoring
certain
online
chats
between
minors
and
adults
according
to
certain
k e y w o r d s ,
f o r w a r d i n g
t h i s
informa/on
to
the
law
enforcement
officials
in
order
to
check
whether
there
are
the
grounds
for
inves/ga/ng
whether
“grooming”
has
occurred.
SOCMINT
–
Surveillance
–
Chat
Monitoring
26. Mr
Palazzolo
a
treasurer
for
the
mafia,
on
the
run
for
30
years,
was
discovered
by
monitoring
his
Facebook
profile.
Macau,
April
8-‐12,
2013
-‐
Seminar
on
Cybercrime
and
Digital
Forensics
SOCMINT
–
Surveillance
–
Chat
Monitoring
27. Macau,
April
8-‐12,
2013
-‐
Seminar
on
Cybercrime
and
Digital
Forensics
SOCMINT
–
Mobile
Surveillance
-‐
Geoloca,on
and
Face
Recogni,on
28. Macau,
April
8-‐12,
2013
-‐
Seminar
on
Cybercrime
and
Digital
Forensics
Augmented
Reality
is
a
live,
direct
or
indirect,
view
of
a
physical,
real-‐
world
environment
whose
elements
are
augmented
by
computer-‐
generated
sensory
input
such
as
sound,
video,
graphics
or
GPS
data.
SOCMINT
–
Mobile
Surveillance
–
Augmented
Reality
29. Macau,
April
8-‐12,
2013
-‐
Seminar
on
Cybercrime
and
Digital
Forensics
The
research
inves/gated
the
feasibility
of
combining
publicly
available
Web
2.0
data
with
off-‐the-‐shelf
face
recogni/on
soSware
for
the
purpose
of
large-‐scale,
automated
individual
re-‐iden/fica/on.
Two
experiments
demonstrated
the
ability
of
iden/fying
strangers
online
(on
a
da/ng
site)
and
offline
(in
a
public
space),
based
on
photos
made
publicly
available
on
a
social
network
site.
SOCMINT
–
Mobile
Surveillance
–
Faces
of
Facebook
31. Macau,
April
8-‐12,
2013
-‐
Seminar
on
Cybercrime
and
Digital
Forensics
Communica/ons
sent
over
SNSs,
and
informa/on
uploaded
to
SNS
profiles,
are
normally
saved
only
on
the
SNSs'
servers.
But…
Some
informa/on
may
also
be
stored
on
the
user's
computer
cache
Emerging
Inves,ga,ve
Techniques
-‐
Where
the
data
are
stored?
32. Macau,
April
8-‐12,
2013
-‐
Seminar
on
Cybercrime
and
Digital
Forensics
Police
also
u/lise
SNSs
in
their
inves/ga/ons
through,
for
example,
senng
up
SNS
profiles
and
reques/ng
informa/on
from
the
public.
Police
in
New
Zealand
have
made
their
first
“Facebook
arrest”
aSer
placing
CCTV
footage
of
a
burglar
removing
his
balaclava
during
the
burglary
on
the
social
networking
site”
An
internet
savvy
police
officer
in
Queenstown,
on
New
Zealand’s
South
Island,
posted
the
footage
on
the
force’s
Facebook
page
and
within
24
hours
of
the
break-‐in
the
burglar
was
iden/fied.
Emerging
Inves,ga,ve
Techniques
–
Iden,fy
the
Suspects
33. Macau,
April
8-‐12,
2013
-‐
Seminar
on
Cybercrime
and
Digital
Forensics
q The
Parson
Cross
Crew
showed
off
guns
and
knives
on
social
networking
sites
aSer
some
were
convicted
for
a
teenager’s
murder.
q Dale
Robertson,
18,
was
stabbed
to
death
aSer
a
girl’s
16th
birthday
party.
q A
woman
created
the
Facebook
website
“The
Parson
Cross
Crew
Named
and
Shamed”,
with
picture
of
crew.
q Police
were
able
to
use
the
photographs
as
evidence
against
four
further
gang
members
at
Sheffield
Crown
Court
for
firearms
offences
(Sheffield
September,
2009)
Emerging
Inves,ga,ve
Techniques
–
Iden,fy
the
Suspects
34. Macau,
April
8-‐12,
2013
-‐
Seminar
on
Cybercrime
and
Digital
Forensics
Emerging
Inves,ga,ve
Techniques
–
Iden,fy
the
Suspects
35. Macau,
April
8-‐12,
2013
-‐
Seminar
on
Cybercrime
and
Digital
Forensics
q The
police
must
create
fake
profiles
if
they
want
to
do
any
more
than
surf
the
general
public
material
on
the
SNSs.
q In
US,
law
enforcement
agencies
are
openly
engaging
in
these
decep/ve
prac/ces
in
order
to
inves/gate
even
minor
drug
and
alcohol
offences.
q Befriending
targets
on
SNSs
allows
officers
an
opportunity
to
infiltrate
ongoing
criminal
ac/vity
with
li^le
physical
risk.
q Examples
include
the
FBI
infiltra/on
of
“Darkmarket”
dubbed
the
“Facebook
for
fraudsters”,
where
users
traded
stolen
credit
card
and
bank
account
details.
Emerging
Inves,ga,ve
Techniques
–
Fake
Profiles
36. Macau,
April
8-‐12,
2013
-‐
Seminar
on
Cybercrime
and
Digital
Forensics
Emerging
Inves,ga,ve
Techniques
–
Covert
Surveillance
Ar,cle
14
Proposal
for
a
Direc,ve
2010/0064
(C0D)
on
Child
pornography
Member
States
shall
take
the
necessary
measures
to
ensure
that
effec6ve
inves6ga6ve
tools
are
available
to
persons,
units
or
services
responsible
for
inves6ga6ng
or
prosecu6ng
offences
referred
to
in
Ar6cles
3
to
7,
allowing
the
possibility
of
covert
opera*ons
at
least
in
those
cases
where
the
use
of
informa*on
and
communica*on
technology
is
involved.
Member
States
shall
take
the
necessary
measures
to
enable
inves6ga6ve
units
or
services
to
aWempt
to
iden6fy
the
vic6ms
of
the
offences
referred
to
in
Ar6cles
3
to
7,
in
par6cular
by
analysing
child
pornography
material,
such
as
photographs
and
audiovisual
recordings
transmiWed
or
made
available
by
means
of
informa6on
and
communica6on
technology.
37. Emerging
Inves,ga,ve
Techniques
-‐
Problems
of
Undercover
Inves,ga,on
Macau,
April
8-‐12,
2013
-‐
Seminar
on
Cybercrime
and
Digital
Forensics
Exclusionary
Rule
Criminal
Liability
for
LEa
Jurisdic/on
Admissibility
of
digital
evidence
Fake
profiles
are
not
admi^ed
SNS
Terms
of
Service
38. Emerging
Inves,ga,ve
Techniques
-‐
Monitoring
public
profiles
Macau,
April
8-‐12,
2013
-‐
Seminar
on
Cybercrime
and
Digital
Forensics
X1
Social
Discovery
soSware
maps
a
given
loca/on,
such
as
a
certain
block
within
a
city
or
even
an
en/re
par/cular
metropolitan
area,
and
searches
the
en/re
public
Twi^er
feed
to
iden/fy
any
geo-‐
located
tweets
in
the
past
three
days
(some/mes
longer)
within
that
specific
area.
39. Macau,
April
8-‐12,
2013
-‐
Seminar
on
Cybercrime
and
Digital
Forensics
“Where
someone
does
an
act
in
public,
the
observance
and
recording
of
that
act
will
ordinarily
not
give
rise
to
an
expecta6on
of
privacy”
(A.
Gillespie,
“Regula/on
of
Internet
Surveillance”
-‐
2009)
“Public
informa6on
can
fall
within
the
scope
of
private
life
where
it
is
systema6cally
collected
and
stored
in
files
held
by
the
authori6es”
(Rotaru
v
Romania,
ECtHR,
(App.
No.
28341/95)
2000)
BUT…
Emerging
Inves,ga,ve
Techniques
-‐
Monitoring
public
profiles
40. Macau,
April
8-‐12,
2013
-‐
Seminar
on
Cybercrime
and
Digital
Forensics
“Just
as
it
is
easy
to
fake
a
person's
SNS
profile,
it
is
easy
to
alter
informa/on
taken
from
a
SNS
account”.
For
Michael
O’Floinn
and
David
Ormerod
the
challenges
for
SNS
evidence
are:
(i) evidence
must
represent
what
appeared
on
the
SNS;
(ii) that
the
evidence
can
be
shown
to
have
originated
from
the
alleged
source,
as
opposed
to
a
hacker
or
someone
with
access
to
the
SNS
account;
(iii) Admissibility
of
the
evidence
Evidence
from
SNS
–
Digital
Forensics
Source:
*Micheal
O'Floinn
and
David
Ormerod,
Social
networking
sites,
RIPA
and
criminal
inves6ga6ons)
41. Macau,
April
8-‐12,
2013
-‐
Seminar
on
Cybercrime
and
Digital
Forensics
q Defendant’s
friend
contacted
a
rape
complainant
on
MSN,
proffering
as
evidence
a
doctored
printout
of
the
conversa/on
to
suggest
that
she
admi^ed
the
sex
was
consensual.
This
led
to
the
jury
being
discharged
pending
analysis
of
the
computers.
Defendant's
friend
was
convicted
of
perver,ng
the
course
of
jus,ce
q In
of
State
of
Connec/cut
vs.
Eleck,
the
court
rejected
Facebook
evidence
in
the
form
of
a
simple
printout,
for
failure
of
adequate
authen/ca/on.
The
court
noted
that
it
was
incumbent
on
the
party
to
seeking
to
admit
the
social
media
data
to
offer
detailed
“circumstan,al
evidence
that
tends
to
authen,cate”
the
unique
medium
of
social
media
evidence.
Evidence
from
SNS
–
(I)
The
Accuracy
of
evidence
–
Two
examples
42. Macau,
April
8-‐12,
2013
-‐
Seminar
on
Cybercrime
and
Digital
Forensics
q US
cases
accept
that
tes,mony
of
a
witness
with
knowledge
or
dis/nc/ve
characteris/cs
within
the
communica/on
unless
there
is
a
specific
allega/on
of
unauthorised
access.
q MySpace
evidence
was
authen/cated
by
tes/mony
of
par/cipants
in
the
communica/ons
q Expert
evidence
from
a
official
of
SNS.
q An
unduly
onerous
authen,ca,on
test
may
induce
prosecutors
to
devote
dispropor/onate
/me
and
(scarce)
resources
to
authen/ca/on,
adding
unnecessarily
to
complexity
and
delay
at
trial.
Evidence
from
SNS
–
(II)
Proof
of
Authorship
43. Macau,
April
8-‐12,
2013
-‐
Seminar
on
Cybercrime
and
Digital
Forensics
The
disputed
SNS
evidence
must
have
logical
relevance,
and
this
is
sa/sfied
when
it
is:
(a) possibly
authen/c
(b) bears
on
the
probabili/es
of
a
contested
issue.
The
SNS
evidence
must
be
legally
relevant,
and
this
is
sa/sfied
if
there
is
“some
admissible
evidence
[...]
of
provenance,
con/nuity
(if
relevant)
and
integrity”
Evidence
from
SNS
–
(III)
Admissibility
of
the
evidence
to
the
Court
44. Macau,
April
8-‐12,
2013
-‐
Seminar
on
Cybercrime
and
Digital
Forensics
q In
October
2008,
in
Edmonton,
Alberta,
it
was
revealed
that
filmmaker
Mark
Twitchell,
who
was
facing
first
degree
murder
charges,
had
posted
as
his
Facebook
status
in
August
that
"he
had
a
lot
in
common
with
Dexter
Morgan".
This
proved
to
be
a
key
piece
of
evidence
in
the
missing
person
case
of
John
Al/nger,
as
Twitchell
was
a
fan
of
the
television
series
"Dexter"
and
it
is
believed
that
he
murdered
Al/nger
in
the
style
of
Dexter's
clandes/ne
murders.
q In
September
2009,
In
Mar/nsburg,
West
Virginia,
Burglar
leaves
his
Facebook
page
on
vic/m’s
computer.
ASer
he
stopped
check
his
account
on
the
vic/m's
computer,
but
forgot
to
log
out
before
leaving
the
home
with
two
diamond
rings.
q In
November
2009,
two
women
charged
with
robbing
a
home
in
Ontario.
The
two
women,
both
in
their
early
20s,
decide
to
post
a
photo
of
themselves
with
the
stolen
goods
online.
Evidence
from
SNS
-‐
Confession
45. Macau,
April
8-‐12,
2013
-‐
Seminar
on
Cybercrime
and
Digital
Forensics
Misuse
of
Social
Network
–
Lawyer
and
Judges
q Legal
prac//oners
searching
SNS:
lawyers
may
be
tempted
to
create
fake
profiles
and
befriending
witnesses
or
their
friends.
q It
is
not
only
lawyers
who
can
fall
vic/m
to
SNS
misuse.
There
are
reported
instances
from
other
jurisdic/ons
where
judges
have
used
SNSs
to
inves/gate
witnesses,
and
to
converse
with
counsel
about
the
case.
See,
for
example,
Public
Reprimand
of
Carlton
Terry
J.
Judicial
Standards
Commission,
Inquiry
No.08-‐234,
April
1,
2009
46. Macau,
April
8-‐12,
2013
-‐
Seminar
on
Cybercrime
and
Digital
Forensics
q More
jurors
said
they
saw
informa/on
about
the
case
on
the
internet.
In
high
profile
cases
26%
said
they
saw
informa/on
on
the
internet.
In
standard
cases
13%
said
they
saw
informa/on.
q In
June
2011,
Joanne
Fraill,
40,
a
juror
in
a
Manchester
case,
was
sentenced
to
eight
months
in
jail
for
contempt
of
court
aSer
using
Facebook
to
exchange
messages
with
Jamie
Sewart,
34,
a
defendant
already
acqui^ed
in
a
mul/million-‐pound
drug
trial.
Misuse
of
Social
Network
–
Jurors
47. Thanks
for
your
a^en/on
Giuseppe
Vaciago
Mail:
vaciago@htlaw.it
Web:
hWp://www.techandlaw.net
TwiWer:
hWps://twiWer.com/giuseppevaciago
Linkedin:
hWp://it.linkedin.com/in/vaciago