Facebook Forensics Toolkit(FFT)
- 3. Objectives • Introduction to the forensics Kit • Facebook Forensic Toolkit v2.9.4 • Installation • Test Run • The Report • Analysis, discussion • References/ Sources • FAQs 3
- 4. Introduction Facebook Forensic Toolkit(FFT) It’s a eDiscovery Software used to Conduct online investigations that includes:- Identify suspect or illegal content Preserve digital evidence instantly download full profiles Create profile public/private screenshots Obtain account suspension or profile information Create clear expert reports with a single click. 4
- 5. Facebook Forensic Toolkit v2.9.4 Marketed by Afentis Forensics Leading scientific support investigation practice with expert witnesses providing DNA analysis, fingerprint evaluations, firearm evidence, cell site analysis - from crime scene to court. Developed by Mr Patel, Director at Afentis Forensics, to assist digital evidence and e-Discovery analysts. 5
- 6. Service Provided by FFT • Profile Clone Download complete Facebook profiles - incl personal information, groups, associations, friends, media/photos, and status updates • ACPO Compliant Association of Chief Police Officers (ACPO) evidence guidelines compliant - verifiable audit logs for Court or procedural requirements • Save Casefiles Save investigation progress and casefiles in open data format (XML) - share files with other investigators or resume a previous assessment • Expert Report Production in HTML detailing the investigation conducted, search parameters, results of filters or data mining operations 6
- 7. The Popular users of the FFT 7
- 8. Installation • Step-1 Go to the website of http://www.facebookforensics.com/index.html And click the download button on Home page. 8
- 9. Installation • Step-2 Fill up the form that appears to the console. 9
- 10. Installation • Step-3 A protected link will be sent to the email used. 10
- 11. Installation • Step-4 Using the given link, the zip file of 11.1 MB named facebook_ forensics_toolkit will be downloaded. By extracting the zip-file a FFT setup file will be seen. Clicking it we will find a installation & Prerequisites wizard. 11
- 12. Installation • Step-5 The software has two pre-requisites:- • MS .NET Framework 4.5 • Google Chrome Browser These has to be downloaded before using the tool. 12
- 13. Test Run • Step-1 After the completion of download, run the FFT icon on the desktop. This Home page will appear. Choose the “Examine Profile and Clone Data” 13
- 14. Test Run • Step-2 Fill up the required field that includes:- -Case No -Evidence No. -Unique Description, -Examiner -Notes which will be appeared in the Final Report . 14
- 15. Test Run • Step 3 Activate the All (Up- right) button of this page so that u may get most of the information of the target Facebook account. 15
- 16. Test Run • Step 4 The target account can be accessed through – The account holder Friend Selected any of them. 16
- 17. Test Run • Step 5 The forensics officer has to have a valid Facebook account to access the target account. Fill the User name & password and click the button “Authenticate” 17
- 18. Test Run • Step 6 www.facebook.com will be automatically opened on the Google chrome and user name & password will be set by the FFT . Facebook data provider apps will be generated by which FFT will extract the information. 18
- 19. Test Run • Step 7 After the completion of data extraction on FFT, this page will appear having there tabs- • Investigate • Results • Report 19
- 20. Test Run • Step 8 Specific search option is enabled in the friend list option on the targeted account. 20
- 21. Test Run • Step 9 A complete profile investigation can be performed as follows. 21
- 22. Test Run • Step 10 A XML doc file will be automatically generated for the further use of the forensics officer. 22
- 23. • Step 11 All the sent and received massages can be extracted by FFT . 23 Test Run
- 24. • Step 12 The groups in which the target account holder is attached to can be seen through FFT . 24 Test Run
- 25. • Step 13 A detailed list on the friends can be extracted as well. 25 Test Run
- 26. • Step 14 FFT provides a screenshot for the target profile for future use. 26 Test Run
- 27. • Step 15 A mapping of all the contacts of the targeted account can be executed through FFT . 27 Test Run
- 28. The Report 28
- 29. Analysis The tool analyzed the following points in much detail: • Case Number • Evidence Number • Unique Description • Examiner • Notes • User Profile ID or URL • Output Directory • Current Time/Date • Profile Details • Profile Image • Cover Image • Name 29 • Profile URL • Hometown • Location • Email • Website • Birth Day • Relationship Status • Significant Other • Interested In • About Me • Biography • Education
- 30. Discussion Through these details discussions, a forensics may be able to track the followings of the suspected target :- • Personal info of the profile • Likes & Pages of the suspect • Friends of the target profile • Groups of the suspect • Day to day sent & received massages of the profile • Selective profiling of the suspect • Inspect any doubt behavior on Facebook of the suspect • Apps & games used by the target profile. • Any suspected events participated by the suspect. 30
- 31. References • 5 tools for digital forensics. (2010, march 16). Retrieved October 23, 2015, from linkedin.com: www.linkedin.com • WikiForenscis. (2010, June 21). Retrieved October 21, 2015, from wikipedia.com: http://forensicswiki.org/wiki/Tools • Facebook Forensics. (2011, January 25). Retrieved October 22, 2015, from Facebookforensics.com: http://www.facebookforensics.com/index.html • Anthony C. T. Lai, W. L. (2011). Facebook Forensics. Tokyo, Japan: Valkyrie-X Security Research Group (VXRL). 31