Abstract
In this paper, we introduce the concept of social cyber forensics and its usability. We then introduce a tool, Maltego, that can be used to study cross-media affiliation and uncover hidden relations among various online groups. We also provide three stepwise methodologies that leverage Maltego and various open source information to (1) uncover the hidden relationships between Twitter accounts and a set of websites/blogs; (2) uncover the hidden relationships between websites/blogs and other websites/blogs; or (3) infer the ownership of a set of websites/blogs. These methodologies have been tested during many cyber propaganda campaigns that were projected against NATO forces. A high-level view of the case studies that leveraged the concepts and methodologies provided in this paper is briefly given here, while the details of each case were published in various venues, which are pointed out for interested readers.









Notes
Google Analytics: https://analytics.google.com/.
PeekYou: http://www.peekyou.com/.
Metagoofil: http://www.edge-security.com/metagoofil.php.
Shodan: https://www.shodan.io/.
Paterva Ltd: https://www.paterva.com/.
Trident Juncture 2015 exercise: https://jfcbs.nato.int/trident-juncture.
Exercise Anakonda 2016: http://www.eur.army.mil/anakonda/.
Brilliant Jump 2016 exercise: http://www.jfcbs.nato.int/page5735825/brilliant-jump-2016.
S. M. Research Foundation. Nodexl: Network overview, discovery and exploration for excel. http://nodexl.codeplex.com/wikipage?tit.
D. M. A. DoD News: Operation atlantic resolve exercises begin in eastern europe. http://www.defense.gov/news/newsarticle.aspx?id=128441.
RT: ‘Tanks? no thanks!’: Czechs unhappy about us military convoy crossing country. http://www.rt.com/news/243073-czech-protest-us-tanks/.
Sindelar D: U.S. convoy: In Czech republic, real-life supporters outnumber virtual opponents. http://www.rferl.org/content/us-convoy-czech-republic-supporters-virtual-opponents/26928346.html.
Sputnik: Czechs plan multiple protests of U.S. army’s operation dragoon ride. http://sputniknews.com/europe/20150328/1020135278.html.
Acknowledgements
This research is funded in part by the U.S. National Science Foundation (IIS-1636933, ACI-1429160, and IIS-1110868), U.S. Office of Naval Research (N00014-10-1-0091, N00014-14-1-0489, N00014-15-P-1187, N00014-16-1-2016, N00014-16-1-2412, N00014-17-1-2605, N00014-17-1-2675, N00014-19-1-2336), U.S. Air Force Research Lab, U.S. Army Research Office (W911NF-16-1-0189), U.S. Defense Advanced Research Projects Agency (W31P4Q-17-C-0059), Arkansas Research Alliance, the Jerry L. Maulden/Entergy Fund at the University of Arkansas at Little Rock, and Creighton University’s College of Arts and Sciences. Any opinions, findings, and conclusions or recommendations expressed in this material are those of the authors and do not necessarily reflect the views of the funding organizations. The researchers gratefully acknowledge the support.
Cite this article
Al-khateeb, S., Agarwal, N. Social cyber forensics: leveraging open source information and social network analysis to advance cyber security informatics. Comput Math Organ Theory 26, 412–430 (2020). https://doi.org/10.1007/s10588-019-09296-3
DOI: https://doi.org/10.1007/s10588-019-09296-3