1

APRESENTATION

ON

FORENSICS TOOL

2

FACEBOOK FORENSICS

TOOLKIT(FFT)

3

Objectives• Introduction to the forensics Kit• Facebook Forensic Toolkit v2.9.4• Installation• Test Run • The Report • Analysis, discussion• References/ Sources• FAQs

4

IntroductionFacebook Forensic Toolkit(FFT)It’s a eDiscovery Software used to Conduct online investigations that includes:- Identify suspect or illegal content Preserve digital evidenceinstantly download full profiles Create profile public/private screenshots Obtain account suspension or profile informationCreate clear expert reports with a single click.

5

Facebook Forensic Toolkit v2.9.4

Marketed by Afentis ForensicsLeading scientific support investigation practice with expert witnesses providing DNA analysis, fingerprint evaluations, firearm evidence, cell site analysis - from crime scene to court.Developed by Mr Patel, Director at Afentis Forensics, to assist digital evidence and e-Discovery analysts.

6

Service Provided by FFT• Profile CloneDownload complete Facebook profiles - incl personal information, groups, associations, friends, media/photos, and status updates • ACPO CompliantAssociation of Chief Police Officers (ACPO) evidence guidelines compliant - verifiable audit logs for Court or procedural requirements • Save CasefilesSave investigation progress and casefiles in open data format (XML) - share files with other investigators or resume a previous assessment • Expert ReportProduction in HTML detailing the investigation conducted, search parameters, results of filters or data mining operations

7

The Popular users of the FFT

8

Installation

• Step-1 Go to the website of http://www.facebookforensics.com/index.htmlAnd click the download button on Home page.

9

Installation• Step-2Fill up the form that appears to the console.

10

Installation• Step-3A protected link will be sent to the email used.

11

Installation• Step-4Using the given link, the zip file of 11.1 MB named facebook_forensics_toolkit will be downloaded. By extracting the zip-file a FFT setup file will be seen. Clicking it we will find a installation & Prerequisites wizard.

12

Installation

• Step-5The software has two pre-requisites:-• MS .NET Framework

4.5• Google Chrome

BrowserThese has to be downloaded before using the tool.

13

Test Run

• Step-1After the completion of download, run the FFT icon on the desktop.This Home page will appear. Choose the “Examine Profile and Clone Data”

14

Test Run• Step-2Fill up the required field that includes:- -Case No -Evidence No.-Unique Description,-Examiner -Notes which will be appeared in the Final Report .

15

Test Run

• Step 3Activate the All (Up-right) button of this page so that u may get most of the information of the target Facebook account.

16

Test Run• Step 4The target account can be accessed through – The account holder Friend Selected any of them.

17

Test Run

• Step 5The forensics officer has to have a valid Facebook account to access the target account. Fill the User name & password and click the button “Authenticate”

18

Test Run• Step 6www.facebook.com will be automatically opened on the Google chrome and user name & password will be set by the FFT . Facebook data provider apps will be generated by which FFT will extract the information.

19

Test Run• Step 7After the completion of data extraction on FFT, this page will appear having there tabs-• Investigate• Results• Report

20

Test Run• Step 8Specific search option is enabled in the friend list option on the targeted account.

21

Test Run• Step 9A complete profile investigation can be performed as follows.

22

Test Run• Step 10A XML doc file will be automatically generated for the further use of the forensics officer.

23

• Step 11All the sent and received massages can be extracted by FFT .

Test Run

24

• Step 12The groups in which the target account holder is attached to can be seen through FFT .

Test Run

25

• Step 13A detailed list on the friends can be extracted as well.

Test Run

26

• Step 14FFT provides a screenshot for the target profile for future use.

Test Run

27

• Step 15A mapping of all the contacts of the targeted account can be executed through FFT .

Test Run

28

The Report

29

AnalysisThe tool analyzed the following points in much detail:• Case Number• Evidence Number• Unique Description• Examiner• Notes• User Profile ID or URL• Output Directory• Current Time/Date• Profile Details• Profile Image• Cover Image• Name

• Profile URL• Hometown• Location• Email• Website• Birth Day• Relationship Status• Significant Other• Interested In• About Me• Biography• Education

30

DiscussionThrough these details discussions, a forensics may be able to track the followings of the suspected target :-

• Personal info of the profile• Likes & Pages of the suspect• Friends of the target profile• Groups of the suspect• Day to day sent & received massages of the profile• Selective profiling of the suspect• Inspect any doubt behavior on Facebook of the suspect• Apps & games used by the target profile.• Any suspected events participated by the suspect.

31

References• 5 tools for digital forensics. (2010, march 16). Retrieved

October 23, 2015, from linkedin.com: www.linkedin.com • WikiForenscis. (2010, June 21). Retrieved October 21,

2015, from wikipedia.com:http://forensicswiki.org/wiki/Tools• Facebook Forensics. (2011, January 25). Retrieved

October 22, 2015, from Facebookforensics.com: http://www.facebookforensics.com/index.html• Anthony C. T. Lai, W. L. (2011). Facebook Forensics.

Tokyo, Japan: Valkyrie-X Security Research Group (VXRL).