Free Forensic Tools for Social Media Investigations The investigation of social media data can be difficult and cumbersome. Watch this video to find out how Easilydo can help you with the following:
Forensic Tools for Social Media Investigations contains information from some of the top experts in their fields, to provide a manual that can be used as a starting point for social media investigations. This book covers how to collect evidence, and how to use that data in an investigation. The book also covers how to collect data using mobile devices and wearables
WebPreserver
What is it for? Collection and preservation of social media and other online content.
WebPreserver is an automated forensic preservation tool for social media and web content that can literally complete weeks of evidence collection in under an hour. Its auto-expand feature automatically expands long collapsed posts, comment threads, and replies, ensuring hidden content is captured without you having to manually expand these sections. WebPreserver can even capture entire websites, Instagram accounts, and videos with two simple clicks. WebPreserver is a Chrome plug-in that can be downloaded from the Chrome Web Store, but you need to purchase a license through the WebPreserver website.
Makeawebsitehub
What is it for? Identifying the latest social media platforms and apps.
Have you ever heard of Peanut, Caffeine, or Steemit? What about Ello, Triller, or WT Social? While it can feel as if platforms like Facebook, Instagram, Twitter, and YouTube dominate the social media landscape, new apps and platforms are being released all the time. Makeawebsitehub.com regularly updates a list of the latest social media apps, which can be very useful for expanding your online investigations and finding those lesser-known platforms that might be hiding useful evidence.
Pipl Search
What is it for? To identify personal, professional, and social information online.
Pipl Search is arguably the most sophisticated people search engine available to investigators. Pipl collects information from Internet sources like public records, listings, directories, and online archives—but it also boasts its own exclusive sources. Pipl has global coverage, with over three billion online identities and 25 billion individual identity records at its disposal. All you need is a single data point (like a name, phone number, or email address) and Pipl will quickly provide you with all available data for that person. This information can include associated social media accounts, all known telephone numbers, physical addresses, places of employment, educational history, etc.
ProDiscover Forensic
ProDiscover Forensic is a computer security app that allows you to locate all the data on a computer disk. It can protect evidence and create quality reports for the use of legal procedures. This tool allows you to extract EXIF(Exchangeable Image File Format) information from JPEG files.
Features:
- This product supports Windows, Mac, and Linux file systems.
- You can preview and search for suspicious files quickly.
- This Digital forensics software creates a copy of the entire suspected disk to keep the original evidence safe.
- This tool helps you to see internet history.
- You can import or export .dd format images.
- It enables you to add comments to evidence of your interest.
- ProDiscover Forensic supports VMware to run a captured image.
Link: https://www.prodiscover.com
Sleuth Kit (+Autopsy)
Sleuth Kit (+Autopsy) is a Windows based utility tool that makes forensic analysis of computer systems easier. This tool allows you to examine your hard drive and smartphone.
Features:
- You can identify activity using a graphical interface effectively.
- This application provides analysis for emails.
- You can group files by their type to find all documents or images.
- It displays a thumbnail of images to quick view pictures.
- You can tag files with the arbitrary tag names.
- The Sleuth Kit enables you to extract data from call logs, SMS, contacts, etc.
- It helps you to flag files and folders based on path and name.
Link: https://www.sleuthkit.org
CAINE
CAINE is a Ubuntu-based app that offers a complete forensic environment that provides a graphical interface. This tool can be integrated into existing software tools as a module. It automatically extracts a timeline from RAM.
Features:
- It supports the digital investigator during the four phases of the digital investigation.
- It offers a user-friendly interface.
- You can customize features of CAINE.
- This software offers numerous user-friendly tools.
Link: https://www.caine-live.net
SANS SIFT
The SANS Investigative Forensic Toolkit (SIFT) is an Ubuntu based Live CD which includes all the tools you need to conduct an in-depth forensic or incident response investigation. It supports analysis of Expert Witness Format (E01), Advanced Forensic Format (AFF), and RAW (dd) evidence formats. SIFT includes tools such as log2timeline for generating a timeline from system logs, Scalpel for data file carving, Rifiuti for examining the recycle bin, and lots more.
When you first boot into the SIFT environment, I suggest you explore the documentation on the desktop to help you become accustomed to what tools are available and how to use them. There is also a good explanation of where to find evidence on a system. Use the top menu bar to open a tool, or launch it manually from a terminal window.
Key features
- 64-bit base system
- Auto-DFIR package update and customizations
- Cross compatibility with Linux and Windows.
- Expanded filesystem support
- Option to install the standalone system
CrowdStrike CrowdResponse
CrowdResponse is a lightweight console application that can be used as part of an incident response scenario to gather contextual information such as a process list, scheduled tasks, or Shim Cache. Using embedded YARA signatures you can also scan your host for malware and report if there are any indicators of compromise.
To run CrowdsResponse, extract the ZIP file and launch a Command Prompt with Administrative Privileges. Navigate to the folder where the CrowdResponse*.exe process resides and enter your command parameters. At minimum, you must include the output path and the ‘tool’ you wish to use to collect data. For a full list of ‘tools’, enter CrowdResponse64.exe in the command prompt and it will bring up a list of supported tool names and example parameters.
Once you’ve exported the data you need, you can use CRconvert.exe to convert the data from XML to another file format like CSV or HTML.
Key features
- Comes with three modules – directory-listing, active running module, and YARA processing module.
- Displays application resource information
- Verifies the digital signature of the process executable.
- Scans memory, loaded module files, and on-disk files of all currently running processes
Conclusion
Social media has the potential to connect people, share ideas and information, and deliver a real-time snapshot of what’s happening in the world. As a detective or investigator, this has immense appeal to help you gather information to solve crimes and combat crime.Wouldn’t it be great if there was an easier way to get started with social media forensics?