Visualizing Online Investigations - LIVE
This is my 3rd blog post on data visualization; it's becoming a bit of a hobby if I'm honest. It's really good fun. Aside from fun, I am beginning to believe that there is a significant future in enabling investigators and juries alike to be able to see data in a way that is meaningful and useful. In my last post I outlined how Facebook chat was graphed for an abuse case and I had many interesting emails on the subject. There is a lot of work to do but I decided to move on to a more challenging area, visualizing online data in a LIVE setting. It seemed that there were 2 areas worth looking at, Twitter and investigating web sites. For both of the examples below I used the free graphing tool Gephi with a variety of plugins.

Twitter

I'm sure no one reading this needs to have an explanation of Twitter; however, there are areas where an investigator may want to use Twitter to understand how an event was panning out live. An example would be the Police monitoring the ring leaders of a riot or a journalist looking for the movers and shakers in the development of a news event.

An example of the latter came up when I was playing early on with live mapping of Twitter feeds. I had set a filter to intercept all syria hashtags during the bombardment of the Syrian city of Homs. As the tweets hit 3000 a pattern began to exist in the spherical graph, a cluster of someone who was a tweeter being heavily retweeted. Zooming into the graph gave me his username. A bit of research indicated that this guy was IN Homs at the time, tweeting what he was seeing in real time. If I was a journalist, I would be wanting to talk to this guy.

Using Gephi with a plugin written specifically for Twitter data I started working with different filters and displays. The plugin taps into the global Twitter feed and applies the filter to decide what to capture. Eventually, I got it sorted and I have posted a slightly less serious example on YouTube with appropriate music.
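The retweet cluster described above can be reproduced offline. This is an added example, not code from the original post or from the Gephi plugin: it applies a hashtag filter to a few constructed tweets, builds the retweet graph, ranks accounts by how often they are retweeted, and writes GEXF that Gephi can open. The sample tweets, the account names and the "RT @user" parsing convention are assumptions.

```python
import re
from collections import Counter
from xml.sax.saxutils import quoteattr

# Constructed sample capture as (author, text); accounts and tweets are invented.
SAMPLE_TWEETS = [
    ("newsdesk_a", "Reports of shelling in the city #example"),
    ("witness_01", "Power is out across the district #example"),
    ("reader_1", "RT @witness_01: Power is out across the district #example"),
    ("reader_2", "RT @witness_01: Power is out across the district #example"),
    ("reader_3", "RT @newsdesk_a: Reports of shelling in the city #example"),
    ("reader_4", "rt @Witness_01: Power is out across the district #example"),
    ("reader_4", "RT @someone_else: unrelated tweet without the tag"),
]
RT_PATTERN = re.compile(r"^\s*RT\s+@(\w{1,15})\b", re.IGNORECASE)

def retweet_edges(tweets, hashtag):
    """Count (retweeter, original author) pairs among tweets carrying hashtag."""
    edges = Counter()
    for author, text in tweets:
        if hashtag.lower() not in text.lower().split():
            continue  # capture filter: ignore tweets outside the tracked tag
        match = RT_PATTERN.match(text)
        if match:
            edges[(author.lower(), match.group(1).lower())] += 1
    return edges

def most_retweeted(edges):
    """Weighted in-degree per account, highest first: the hubs of the graph."""
    indegree = Counter()
    for (_, original), weight in edges.items():
        indegree[original] += weight
    return indegree.most_common()

def to_gexf(edges):
    """Serialize the directed, weighted graph as GEXF 1.2, which Gephi opens."""
    nodes = sorted({name for pair in edges for name in pair})
    out = ['<?xml version="1.0" encoding="UTF-8"?>',
           '<gexf xmlns="http://www.gexf.net/1.2draft" version="1.2">',
           '<graph mode="static" defaultedgetype="directed">', '<nodes>']
    out += [f'<node id={quoteattr(n)} label={quoteattr(n)}/>' for n in nodes]
    out += ['</nodes>', '<edges>']
    out += [f'<edge id="{i}" source={quoteattr(s)} target={quoteattr(t)} weight="{w}"/>'
            for i, ((s, t), w) in enumerate(sorted(edges.items()))]
    out += ['</edges>', '</graph>', '</gexf>']
    return "\n".join(out)

if __name__ == "__main__":
    print(most_retweeted(retweet_edges(SAMPLE_TWEETS, "#example")))
```

Ranking by weighted in-degree is the numeric counterpart of the visual cluster: the account at the top of the list is the node the retweet edges converge on.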
I was working on it when I heard that Whitney Houston had sadly died. I quickly started a Twitter capture with hashtags associated with the singer and started a video screen capture. It is fascinating to watch the Tweets arrive and clusters begin to take shape. Initially the busy tweeters were the news outlets such as CNN, but these were quickly replaced with people, some of whom were very popular to retweet. This is definitely a capability that many investigators should examine. Check out the Whitney video or watch it on YouTube - http://www.youtube.com/watch?v=E70smI9hY_I.

Internet Investigations

For any investigator, whether it be Police, Corporate investigator, Social Engineer or Journalist, the ability to understand the web presence of their subject can be invaluable. Being able to simply browse to their target's web site and see what links exist, what services are in use, who handles their credit cards, whether they use analytics, so many different aspects.

Again using Gephi along with an http plugin I set Firefox up to proxy through the plugin and started recording. Using Firefox I then browsed to the web site of OccupyWallSt.org and navigated through its pages. The results can be seen with appropriate music again below or at YouTube - http://www.youtube.com/watch?v=oXgEEznpyvg.

Forensic visualization is probably best used to see data in a clearer way from results gleaned from a disk or RAM dump etc. However, these live feeds provide a fascinating view of the world or an investigation tool that should not be overlooked.
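The proxy recording described under Internet Investigations reduces to a host graph. This is an added example, not code from the original post or from the Gephi http plugin: from constructed proxy records it links each referring host to the host it caused to load, then lists the third-party hosts with their request counts and how many hops they sit from the site being browsed. The record layout, the invented host names and the two-label registrable-domain rule are assumptions.

```python
from collections import Counter, defaultdict, deque
from urllib.parse import urlsplit

# Constructed proxy capture as (requested URL, Referer header or None); hosts are invented.
SAMPLE_REQUESTS = [
    ("https://www.shop.example/", None),
    ("https://www.shop.example/css/site.css", "https://www.shop.example/"),
    ("https://static.shop.example/logo.png", "https://www.shop.example/"),
    ("https://metrics.stats.example/collect.js", "https://www.shop.example/"),
    ("https://beacon.adnet.example/p.gif", "https://metrics.stats.example/collect.js"),
    ("https://pay.gateway.example/checkout", "https://www.shop.example/cart"),
    ("https://metrics.stats.example/collect.js", "https://www.shop.example/cart"),
]

def site_of(host):
    """Naive registrable domain: last two labels (assumption; the Public Suffix List is the robust source)."""
    return ".".join(host.lower().split(".")[-2:])

def host_edges(requests):
    """Count (referring host, requested host) pairs, skipping same-host loads."""
    edges = Counter()
    for url, referer in requests:
        if not referer:
            continue  # typed-in or bookmarked navigation has no referring page
        src, dst = urlsplit(referer).hostname, urlsplit(url).hostname
        if src != dst:
            edges[(src, dst)] += 1
    return edges

def third_parties(requests, start_host):
    """Map each third-party host to (requests received, hops from start_host)."""
    neighbours, hits = defaultdict(set), Counter()
    for (src, dst), count in host_edges(requests).items():
        neighbours[src].add(dst)
        hits[dst] += count
    depth, queue = {start_host: 0}, deque([start_host])
    while queue:  # breadth-first walk along the referer chain
        host = queue.popleft()
        for nxt in sorted(neighbours[host]):
            if nxt not in depth:
                depth[nxt] = depth[host] + 1
                queue.append(nxt)
    return {h: (hits[h], d) for h, d in depth.items()
            if site_of(h) != site_of(start_host)}

if __name__ == "__main__":
    print(third_parties(SAMPLE_REQUESTS, "www.shop.example"))
```

A host at two or more hops was pulled in by another third party rather than by the site itself, which is the kind of relationship that only shows up as a chain in the graph view.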