An Expert Analysis: Social Media Investigations
6th April 2017
With over 80% of the UK population now online, the use of social media has grown rapidly with personal and professional information being shared openly. This has led to one of the richest sources of intelligence for law enforcement agencies and has become one of the most valuable tools to assist in social media investigations.
Internet Protocol Information
Information obtained from social media sites is now frequently used in evidence, for example, to assist with the attribution of mobile phones and other devices or to highlight conversations or images pertinent to an investigation.
IP (internet protocol) logs can also be used to assist in the identification of the user of a social media account at a specific time. For example, the user of a Facebook account may claim that they did not post a message or image and claim that their account was accessed by a third party. IP session logs can be analysed, to identify the IP address at the time and date a message was posted. Some device information for each account session is also logged within the Facebook download. This may include details about the type of device used to login, operating system, hardware version, name of mobile operator or ISP, browser type and time zone. This can also assist when trying to determine the type of device used to send the message.
In addition, Facebook captures some administrative IP address information. For example, the IP address at the time a profile picture was added or a user name created. With the relevant authority/court order, information can be sought from the ISP (Internet Service Provider) to obtain details of the registered account owner who was assigned that specific IP address at the date and time in question. Facebook can also provide the IP address at the time the account was created. It maybe that this IP address is the same as the IP address found in a session log, corresponding to the time and date a message was sent. Again, this can assist with attribution when the authenticity of a social media account is in dispute or the account user is disputing sending a message from their account.
It is now common practice for law enforcement agencies to capture information from social media sites and turn it into evidence to support an enquiry. This is fast becoming some of the most powerful evidence being used in court today.
Open Source Research
Open source research is also now forming part of a wider trend with its use in internal investigations. This freely accessible public information is now being used to assist companies when making important decisions on recruiting new employees or for investigating existing employee conduct on specific matters effecting the company. Social media investigations can be used to create individual or company profiles, utilising overt sources of information to build up a picture in relation to the subject matter. With people now posting information daily about their personal and professional activities, it is now possible to gain an insight into an individual’s lifestyle, financial status and associations, all through open source research.
Popular social media sites for profiling can include:
Information captured from these sites can be collated and evaluated to generate a subject profile, as shown below:
Real time searching can also be carried out, running search terms across multiple social media sites to identify current posts/tweets on specific subject matters. This can assist live investigations to identify current activity or to establish who is talking about a particular topic or subject matter.
Social media investigations can be used for criminal and corporate enquiries and has become a vital tool in society where data is being generated at an increasing rate every day. This information is both free and accessible to the public and can provide valuable insight and evidence that other methods of investigation fail to achieve.