As a digital forensics and incident response (DFIR) firm, BinaryLab has conducted numerous investigations to provide stakeholders with timeline and root cause analysis for issues ranging from business email compromise up to ransomware attacks. An oft-forgotten area of concern, however, is social media.
Social media channels can be a stand-alone area of investigation or, depending on the type of cyber incident, can be used to provide context and a potential timeline of activity by a threat actor.
To enhance our ability to use this type of investigation, BinaryLab uses a forensic tool capable of analyzing major social media platforms, including Facebook, Instagram, and Twitter, among others.
By combining our expertise and this forensic tool with open-source intelligence (OSINT), BinaryLab has provided clients with actionable information that has been used in reputational investigations and corroborating information used in criminal proceedings.
Social Media Investigations
Social media investigations are a type of OSINT that is focused on collecting and analyzing social media platforms.
Discovered information can include profile information, unique interactions with other social media platform users, or metadata of activity and interactions. Metadata associated with social media activity has practical uses, down to the physical locations the user logged in from.
Collecting and analyzing this data, whether through open-source collection or through access to the end-user account, strengthens our investigations. For any information or data type that is considered protected, our engineers ensure that all applicable laws, policies, regulations, and best practices are employed to respect the user’s privacy.
To ensure this, BinaryLab social media investigations must conform to an ethical approach to the investigation and a heightened threshold of confidentiality and integrity of operations.
BinaryLab’s social media investigation framework includes:
No impersonation of a person, past or present, will be used to access any information about the target.
The end client will sanction all social media investigations requiring account analysis, and the account owner will provide access with confirmation in writing of the purpose of the access, scope, and expected completion time.
Activity is directly sanctioned by direction of counsel or by internal, in-house counsel. This is especially important within the integrity of a social media investigation supporting a corporate reputation scenario.
Counsel will receive itemized open-source data sources prior to collection and analysis to ensure the target’s privacy and clearly stated scope.
BinaryLab has successfully conducted several social media investigations.
In one instance, a private middle school’s shared social media account was used to post inappropriate, highly political content. All users with access to the account denied involvement, which is when BinaryLab was asked to support the investigation.
The client provided the required account credentials, and using our forensic analysis tool we could see a timeline of the activity, where the user had posted, and what the metadata, particularly sign-in data, showed.
Ultimately, we identified the individual, and through OSINT, could see that their posts were linked to accounts on various message boards.
Another case involved assisting during a jury trial, which requires representatives for the plaintiff and defendant to select citizens from a jury pool.
During voir dire, both parties question each potential juror to determine if this person is fit to sit on the jury and ensure that the background of these individuals will be consistent with the end goal of delivering a non-prejudicial verdict. This check can include looking at an individual’s social media profile. Within the social media profile, our team is able to enumerate data sources or social media platforms, activity associated with other accounts (including interactions), and timestamps associated with the activity, ensuring our legal partners have as comprehensive an understanding of the jury member as possible.
As our continued interactions with social media platforms grow, so will the need to scrutinize related data that may aid in an investigation. It is, of course, not without the potential for misuse and impact on an individual’s right to privacy, and this topic will undoubtedly be a focal point of debate within legislative and judicial processes.
However, this type of investigation is necessary and should be governed by the highest degree of ethical behavior. This includes providing confidentiality to all parties involved, not causing harm or disrepute to the investigated party, and conforming to the topmost level of integrity of operations to maintain the individual’s privacy.
BinaryLab is committed to protecting clients’ sensitive data by proactively addressing security concerns, as well as providing relevant and timely security expertise. For an assessment or more information, contact BinaryLab at 301-337-3131.
About the author
Sergio Orellana, Chief Cybersecurity Officer
Sergio Orellana is the Chief Cybersecurity Officer of BinaryLab and leads the creation and delivery of enterprise-class cybersecurity and compliance solutions. He is a breach response expert with more than a decade of experience working on large and complex security incidents and investigations.