Social Network Crime Investigation

Social Network Crime Investigation

Popular social networking sites

facebook, instagram, twitter, google+, orkut, pinterest, myspace, linkedIn etc...

Possible crimes on facebook and other social networking

Sites.
identity theft, hacking, assault , Credit card fraud, Net Extortion, threatening, abuse, stalking,
harassment etc..

some frequent modus operandi

• Stealing photos online and creating impostor/fake account
• Account/page defacement through phishing and social engineering techniques
• Sending abusive, threatening private messages
• Sending annoying friend requests/ posting on someone's wall without any concern (spam)
• illegal activity through Social networking account (drug, arm, restricted equipment sell)
• Sexual explicit content publishing, transmitting etc..
• Crimes against child-women
• Corporate-government confidential information leak
• Cross-regional terrorist activities (communication/encouragement medium)
• Spreading malicious code-scripts
• illegal(Unlawful) surveillance, tracking or monitoring

Social Network Crime Investigation Page 1

Social Network Crime Investigation

Investigative Steps To be considered For any Online Crime

** In most cases related to crimes involving Social networking sites as tool or target , there are two
type of evidences which can be helpful in investigation of crime.

(1) Local Data

(2) Server Log data

Local data/artifacts (history, cookies, cache, downloads folder, search history, photos, chat-IM
history, snapshots) from accused/victim's machine/device.
note: local data are often volatile/removable and/or not must to be present in every case.
In most case local data are being examine/extracted by forensics personnel after seizing and
sending machine/device to Forensic Lab ,so it is not possible that evidence can be available before
tracing back/identifying machine which was been used for criminal act.
For identifying that particular machine/device or accused from all WAN users investigator should first
obtain server log records/information from Social networking site/ISP.

Server log data (log in-out details from server side, account usage details, other related identical
details, alternate contact/account recovery details) which are being saved eventually on social
networking site's logging server.
This type of data is being obtained by authorised law enforcement/security agency personnel from
social networking site using pre-defined procedures for acquiring information.(See Page no.)
For obtaining data-records/information from any social networking site/Service provider investigator
should provide unique identifier/URL for that particular account/page/event to them (see page no).
Time/duration for required data-records/information should be decided by investigator which also
plays important role in identifying accused/machine used for criminal act.

There are various types of data-records/information which can be sought from social networking site/
service provider which are as following

• login-out details (server log data)

• alternate/recovery contact details
• registered mobile numbers (if available)
• credit card/banking details (if available)
• page details along with admin details
• creation-termination timestamps

NOTE: these information vary on site/provider and their timely system changes.

Social Network Crime Investigation Page 2

Social Network Crime Investigation

What need to must be specified when requesting any details

from any social networking site/application.
• Unique identifier (URL/User-id/Email address/Mobile Number/category-page URL)

- > Any valid identifier to the page/account/profile which is being investigated

(URL > uniform resource locator for profile/account/page
User-id > unique user-id which is being stored and used in site/provider's system
Email Address > Email id used for registration/sign-in or as alternate contact details
Mobile Number > Number used for registration/sign-in or as alternate contact details
page URL > URL for page/event/cause/application/message)

• Time stamp/Duration/event time

- > Time stamp when criminal act done or believed to be done, duration for particular event which is
being investigated.

• Criminal act short detail( crime type and its affect on applicant/infrastructure/public)

- > Details in short which explains crime type and its affect ,this is required for request review and
cross-check of criminal act from service provider/site.

• Comments-remarks

- > remarks should be clearly mentioned in notice/request letter in any more help/steps to be taken
like following
- Sensitivity of case/criminal act and reason for prioritize request resolution.
- Termination or blocking-access of service for fake/hacked/defamed account or profile.
- Intimate or not to user for any changes(violation removal, termination, warning).
- Mobile-number verification process enforcement before termination.

• Requester full details and official contact details.

-The name of the issuing authority

- Badge/ID number of responsible agent (Or Designation)
- Email address from a law-enforcement domain
- Direct contact phone number.

Social Network Crime Investigation Page 3

Social Network Crime Investigation

Finding Unique identifier of user on any social networking

website/application.

Social Network Crime Investigation Page 4

Social Network Crime Investigation

Instagram

google+

Follow these simple steps to find your/suspect's Google Plus User ID:
1) Login to your Google+ account then search for required user.
2) click on the Profile icon
3) In the address bar you will see your complete Google+ URL. It will look something like this:
https://plus.google.com/100519699729647583880/posts
4) Your Google Plus User ID is the long series of numbers that i have highlighted in this instance my
Google+ ID is the following:
100519699729647583880

Social Network Crime Investigation Page 5

Social Network Crime Investigation

Others
To find out Myspace URL & User ID :

1. Visit profile
2. Your URL is in the browser window (it will be something like http://www.myspace.com/000000
or http://www.myspace.com/VanityURL)
3. Your User URL is 000000 or VanityURL

Pinterest User ID:

Suppose account/profile URL is:http://www.pinterest.com/xyz/then xyz is the User ID

Linkedin :
www.linkedin.com/in/xyz
where xyz is vanity URL
You can use theIDin this URL and this will give you the link to User Profile http://www.linkedin.com/
profile/view?id=YourID
where YourID is userid

Social Network Crime Investigation Page 6

Social Network Crime Investigation

Steps Should Be taken By Investigator

In any case involving social networking site victim or investigator should take all the snapshots as all
the visual data/information available on social networking sites are volatile and can be easily
removed at any time and from anywhere, which can describe the criminal act on paper form so that
can be treated as basic complaint or identification of Crime .In respect to collect this information/
snapshots investigator should take below steps.

• Should take snapshot of each and every part of account which are relevant to the case.
• All snapshot should include URL so that account identification and evidence finding can be
made easy at later stage.
• Snapshots/prints of messages or wall/page posts with URL should be taken in hate speech/
threatening/abuse case.
• Original profile snapshot should be given in case of photo/information copy from original
profile and been used to create fake/imposter account.
• Should note date-time (Time Stamp) of particular criminal act in case of hacking of account or
any unauthorised access then after.
• If u can't access profile contents because of privacy settings then you must record its user-id
so it can be useful to request details from Social networking Site end.

After taking all the snapshots and victim/witness's detailed statement about crime/incident,
investigator should ask social networking site for available details from their side.

For that investigator must have knowledge about procedures to obtain details/logs from any Social
networking site/Web Site/blog. there are several methods for obtaining data records from their side
for legal investigation/enquiries which are also being changed time to time and also depends on
country from where Service provider/website is being maintained/operated.

Legal Procedures
(1) legal notice under applicable law /procedure (Section 91 of CRPC for India) for obtaining log-
records being saved on server side in electronic form.

(2) Additional legal required documents in case of preservation or any details which are not being
served in log-records (mostly not being used in all cases).

(3) letter rogatory/ MLAT process documents in case of involvement of other nation's jurisdiction and
also depends seriousness of case ( not all security/law enforcement agencies are doing this
procedure and in only very serious criminal act like terrorism, tax evasion, money laundering, human
trafficking etc.. )

(4) other legal documents which can be used for various purpose(interception, blocking access,
terminating services/account).

Social Network Crime Investigation Page 7

Social Network Crime Investigation

What Details/Records Each social networking site provides to

law enforcements in india through Section 91 Request.?
Facebook

• login-out details along with timestamps (server log data)

• alternate/recovery contact details
• registered mobile numbers (if available)
• credit card/banking details (if available)
• page details along with admin details
• creation-termination timestamps

Google+, youtube, blogger

• Google or YouTube account registration information

• User name
• account creation information and associated email addresses
• Phone Number
• recent sign-in IP addressesand associated time stamps

Google Voice:

• Subscriber registration information

• Sign-up IP address and associated time stamp
• Telephone connection records
• Billing information

Social Network Crime Investigation Page 8

Social Network Crime Investigation

Using Facebook Law enforcement online request System

By this you will receive secure access link on provided government email id.
(Note: secure access link will be active only for an hour)

Social Network Crime Investigation Page 9

Social Network Crime Investigation

you will be logged into law enforcement online request

system portal

Social Network Crime Investigation Page 10

Social Network Crime Investigation

Fill all relevant official details

Social Network Crime Investigation Page 11

Social Network Crime Investigation

Fill All appropriate details

Social Network Crime Investigation Page 12

Social Network Crime Investigation

Social Network Crime Investigation Page 13

Social Network Crime Investigation

Social Network Crime Investigation Page 14

Social Network Crime Investigation

Social Network Crime Investigation Page 15