Vista新浪博客搬家工具
新浪博客搬家工具 时间:2021-01-26 阅读:()
ForensicAnalysistowardstheuserbehaviorofSinamicroblogLongChen1,a,Yong-QingWang2,b1,2Departmentofcomputer,ChongqingUniversityofPostsandTelecommunications,Chongqing,400065,China.
achenlong@cqupt.
edu.
cn,bwangyongqing123@163.
comKeywords:Microblog,userbehaviour,iOSdataacquisition.
Abstract.
Microblog,anewnetworkapplicationintheeraofWeb2.
0,hasbecomeoneofthemajormediuminChina.
Itsmainfeaturesareasfollowings:largenumberofusers,frequentstatusofupdatinginformation,fasttransmissionspeedofinformation.
ThewritertookSinaWeiboiPhoneAppasanexampletostudythebehaviorofindividualcharacteristicsofmicroblogusersbyanalyzingthedatafromsamplesgeneratedbyusingmicroblog.
IntroductionDuetothepopularityandprevalenceofsmartphones,thenumberofthird-partymobileapplicationsincreasesrapidly.
ThenumberofmobileapplicationsinApple'sofficialAppStorehasreached1.
49millionbyJanuary2015[1].
Manyapplicationsaremakingthefeature-richsmartphones.
Therearemanypotentialevidenceforforensicsworkers.
Foreignresearchinthefieldofthird-partyapplicationsfocusesonFacebook,TwitterandMySpace.
Themainstudyfocusesonanalyzinguser'ssocialnetworkingactivityandwhetherthedatastoredinthemainmemoryandthemobilephonecanberestored[2].
DomesticresearchinthisfieldfocusesonWechatandSinaMicroblog.
ForWechat,themainstudyfocusesonanalyzingthefiledirectorystructure[3]andgettingtheaudiofile[4].
ForSinaMicroblog,therearetwomethodsofextractingthedataofSinaMicroblog:acquiringinformationbasedonSinaMicro-BlogOpenPlatformandacquiringinformationbasedonnetworkdataflow[5].
ButwiththedevelopmentofmobileInternet,manySinaMicroblogusersbegintousemobileclientotherthanPCclient,andthereisnorelevantresearchondataextractionofSinaMicroblogApp.
ThewritertookSinaMicroblogiPhoneAppasanexampletoextractsomeimportantdataofSinaMicroblogiPhoneApp,thenanalyzedthedirectorystructureofmicroblogbackupfileandrelevantimportantdata.
ThemethodmentionedinthispapercanhelpforensicinvestigatoracquiresomeimportantdataofSinaMicroblogquicklyandanalyzetheuserbehavioreasily.
MicroblogUserBehaviorMicroblog,asakindofnewinformationcommunicationplatform,cansatisfyourdifferentrequirements,suchasinformationacquisition,informationcommunicationandinformationsharingetc[6].
OntheInternet,therearethreemaintypicalbehaviorsofMicroblogusers:followothers,befollowedbyothers,totweet.
Thefirstoneisakindofbehaviorthattheuseracquiressomeinformationbyfollowingotherusers.
Thesecondoneisakindofbehaviorthattheuseraffectsotherusersthroughbeingfollowedbyothers.
Thethirdoneisakindofbehaviorthattheuserwritestwitterandspreadsinformation.
ThegreaterthenumberofMicroblogbeingcreatedandreposted,thelargertheinformationbeingtransferredbytheuser[7].
DataAcquisitionTherearethreewaystoacquiredatafromiOSdevices:acquiredatafrombackupfile,acquiredatabylogicalmethodandacquiredatabyphysicalmethod.
ThispaperfocusesonhowtoacquiredatafromiOSdevicesbybackupfile.
iPhonebackupsdatabyusingiTunesaccordingtosomesynchronousprotocolsaboutMACOS,sowecanacquiredatafromthebackupdirectoriesstoredinthecomputer.
However,onlythefiledatasynchronizedexactlybysynchronousprotocolcanbeacquirebythismethod.
DifferentoperatingsystemhasdifferentstoragelocationwheniPhonebackupsdatabyusingiTunes,thedetailinformationisshownintable1.
Table1.
backupfile'sstoragelocationofusingiTunesOperationsystemlocationWindowsXPWindowsVista/Windows7MacOSXC:\documentsandsetting\\ApplicationData\AppleComputer\MobleSync\BackupC:\Users\\AppData\Roaming\AppleComputer\MobleSync\BackupUsers//Library/ApplicationSupport/MobileSync/Backup/Alargenumberofkeyinformationcanberecoveredbyusingthemethodmentionedabove.
Frequently-useddataisusuallystoredintheSQLitedatabaseandsomepropertylistfile,assynchronousprotocolcansupportsynchronousoperationoftheSQLdatabaseandsomepropertylistfile.
ForensicanalysisofiPhonethird-partyapplicationTheforensicanalysisofthedatageneratedbyiPhonethird-partyapplicationconsistsofthreeparts:analyzingfileanddirectorystructure,analyzingdatabase/plistfile,correlationanalysis.
IOSdevicecontainsalargenumberofvarioustypesofdata,includingsomedatarelatedwithmobilephoneandbuilt-inapplications,suchascalllog,contacts,shortmessages,photosandthecachefilesofSafaribrowseretc.
Inadditiontothis,iOSalsocontainsthedatageneratedbythethirdpartyapplicationswhicharefromAppStore.
IOSdevicehastwokindsofstorageformats:oneispropertylistfile(plist)inbinaryform,it'susedtostoresomesetupinformation;anotherisSQLitedatabase,it'susedtostorepersonalinformation[8].
Analyzingfileanddirectorystructure.
EveryiOSapplicationhasitsownsandbox,thesandboxisaspecialfilesystemdirectorywhichisseparatedfromotherfiledirectories.
Itcanpreventanyapplicationtoexchangedatawithotherapplications.
Thethird-partyappsofiPhoneareusuallystoredin/private/var/mobile/Applications.
Everythird-partyapphastwodirectories:/Documentsand/Library,thefirstdirectorycontainssomedocumentinformation,theseconddirectorycontainspreferencesettingsandsomecachefiles[9].
Butdifferentthirdpartyapplicationhasdifferentstoragelocationandformat.
Analyzingdatabase/plistfile.
SQLitedatabaseisoneofthemostcommondatatypeforstorage,it'smainlyfoundinthemobileapplicationdevelopment.
ManyapplicationsintheiOSuseSQLitetostoredata.
Manyimportantdata(suchasContacts,ShortMessages,CallHistoryetc)arestoredintheformofSQLitedatabase,thesedataareencodedinUTF-8.
PropertyListfileismainlyusedtostoreserializedobjects.
Thefilenameextensionis.
plist,soit'susuallycalledplistfile.
Plistfileisusuallytostoreusersettingsandextrainformation.
Plistfileisconsistofthreeclasseswithhierarchicalstructure:CocoaFoundation、CoreFoundationandXML,allnodesaredisplayedinalist.
Correlationanalysis.
Althoughthesefilesincludemanyimportantinformation,suchastheuniqueIDofvisitingsocialnetworksite,specialdata,whereandwhentheeventistakingplace.
AnalyzingSinaMicroblogThispaperwilltakeSinaMicroblogiPhoneAppasanexampletodiscusshowtoanalyzeMicroblogusers'behaviorforforensicinvestigator.
Thisworkincludestwosteps:extractimportantbackupfiledatarelatedwithSinaMicroblogusers'behavior,andanalyzeSinaMicroblogdirectorystructure,importantdatabaseandplistfile.
Asthebackfilesareallencryptedfiles,wecanusesomeforensictoolstorestoretheseencryptedfiles,twotoolsusedinthispaperareiBackupBotforiTunes.
Fig1showsthedirectorystructurediagramofusingiPhoneDataRecoverytorestoreSinaMicroblog,SinaMicrobloghastwodirectories:/Documentsand/Library,thefirstdirectoryisusedtostoredocumentinformation,thesecondoneisusedtostorepreferencesettingsandcacheinformation.
Fig1.
DirectoryStructureofSinaMicroblogImportantinformationofSinaMicroblogiPhoneAppisstoredinaSQLitedatabasecalledDocuments/db_42500_1992761734.
dat,thelasttendigits(1992761734)istheuniqueidoftheuser.
Thenwecanknowthatthefilenameofthisdatabasefileinthebackupfilesis4ab36716f9ce19991ac7950591b2c06475e5d21ebycomputingthehashvalue(sha1)ofppDomain-com.
sina.
microblog-Documents/db_42500_1992761734.
dat.
Thenwecanfindseveraltablesinthisdatabasefile,thedetailinformationisshowninFig2.
Fig2.
SQLitefileIt'seasytoanalyzetherelationshipbetweenthedatacontentandcorrespondingMicrobloginformationbyviewingthestructureofeachtable.
Eachtableinthedatabase(db_42500_1992761734.
dat)hasdifferentfunctions,thedetailinformationisshownasfollowings:contact_group_count:Thistableisusedtorecordtheamountofusersineachgroupoffolloingotherusers.
contact_groups:Thistableisusedtorecordsomeinformationaboutbeingfollowedbyotherusers,includingtheGIDandnameofeachgroup.
contact_x_group:Thistableisusedtorecordtheuserslistofbeingfollowedbyothers,includinguserIDandthegroupIDofeachgroup.
contacts:Thistableisusedtorecordtheuserslistoffollowingothers,includingusernameanduserIDetc.
pm_conversations:Thistableisusedtorecordthelistofuser'sMicroblogprivatemessages,includingthenewestrecordofprivatemessagewitheachuser.
pm_messages:ThistableisusedtorecordtheMicroblogmessagelist.
microblogs:ThistableisusedtorecordMicrobloginformationbyuser'stimeline,includingthecontentofMicroblogmessage,theauthorofMicroblogmessage,userID,posttime,theamountofforwarding,thenameofMicroblogclient,geographicalpositioninformation,thelinkofpictureattachedtoMicroblogmessageandsoon.
Twokindsoftypicaluserbehaviors,"Follow"and"Befollowed",formthebasisofMicrobloguser'ssocialnetwork[10].
Wecanacquiretheuserslistoffollowingothersfromthecontactstable.
Thecontactstablecandirectlyreflecttheuser'sintereststowardsdifferentkindofinformation.
Ifwewanttoknowtheuser'ssocialnetworkinformation,weshouldviewtheuser'sfanslistfromcontact_x_grouptable.
User-postedMicroblogmessagesarerecordedinweibotablebytimeline.
Thelast50microblogrecordsarestoredinthemobileclient,theserecordsincludethemicroblogmessagespostedorbrowseredbytheuser.
TheinformationrecordedinthemicroblogtableisveryimportantforstudyingforensicinvestigationofMicrobloguser'sbehavior.
hedetailinformationofeachfieldandthecorrespondingmeaningisshowninTable2Table2theinformationofweibotableFieldStoredinformationStoreddatatypenickUsernicknameNSStringuidTheuniqueIDofuserNSNumeber(intValue)portraitImageInformationNSStringconcentThebodyofpostedMicroblogNSStringpicEmbeddedpictureintheMicroblogNSStringdatelineThedateofpostingMicroblogNSDatertrootuidTheuniqueIDofthepostedMicroblogNSNumeber(intValue)rtrootnickThenicknameofthepostedMicroblogNSStringrtreasonThecommentcontentofforwardedMicroblogNSStringsourceTheappofpostingMicroblogNSStringlongitudeLongitudeNSNumber(floatValue)latitudeLatitudeNSNumber(floatValue)url_structsThelinkinformationembeddedintheMicroblogNSDictionarypage_infoPageinformation(position,topicetc)NSDictionarytopic_structsTopicinformation(thelinkandtitleofthetopic)NSDictionarypic_id_infosThepictureembeddedinthepostedMicroblogNSDictionaryextra_propertiesExtrainformation(Ifthevalueofrelationis0,itindicatesthatthismessageispostedbytheuser;ifthevalueofrelationis1,itindicatesthatthismessageisthepublichomepage'smicroblogmessagewhichisbrowseredbytheuser.
)NSDictionaryTheforensicinvestigatorcanobtainmanyusefulinformationbyanalyzingtheimportantfieldsinweibotable,suchasuser-postedmicroblogmessages,thepublichomepage'smicroblogmessageswhicharebrowseredbytheuser,wheretheuserpostedthemicroblogmessage.
Inadditiontothis,theuser'strackduringaperiodoftimecanbeobtainedbyanalyzingtheinformationoflongitudeandlatitude,thentheforensicinvestigatorcananalyzeMicroblogusers'behaviorfromthepointoftimeandspacerelations.
Exceptforthis,wecandirectlyvisittheuser'sMicrobloghomepagebyenteringtheURL:http://microblog.
com/0000000000inthebrowser'saddressbartovalidatewhethertheIDnumberintheURLbelongstotheuser.
WecanacquireallkindsofdataofMicroblogbycallingAPIinterfaceprovidedbySina,includingpersonalprofileinformation,geographicalpositioninformation,dynamicinteractioninformation,user'sfansinformation.
SummaryAtpresent,theresearchofMicrobloguser'sbehaviorandacquiringMicroblogdataareconductedseparately,buttheyareinseparableforforensicworkers.
Onthisbasis,thispapertookSinaMicroblogiPhoneAppasanexampleandproposedanewmethod:firstlyextractdatafromMicroblogapp,thenmakeanalyzeuserbehaviorforthepurposeofforensicanalysis,thismethodcanbeappliedtootherMicroblogapp,too.
AcknowledgementsThisworkissupportedbyNationalSocialScienceFoundationProjectofP.
R.
China(No.
14BFX156),NaturalScienceFoundationProjectofCQCSTCofP.
R.
China(No.
cstc2011jjA40031).
References[1]Informationonhttp://www.
pocketgamer.
biz/metrics/app-store/[2]MutawaNA,BaggiliI,MarringtonA.
Forensicanalysisofsocialnetworkingapplicationsonmobiledevices[J].
DigitalInvestigation,2012,9(15):S24–S33.
[3]GaoF,ZhangY.
AnalysisofWeChatoniPhone[C]//2ndInternationalSymposiumonComputer,Communication,ControlandAutomation.
AtlantisPress,2013.
[4]DuJiang,WangCong.
iPhonethird-partysoftwareforensicsresearch[J].
ComputerCDSoftwareandApplications.
2013,(13):53-54.
[5]HUANGYan-wei,LIUJia-yong.
StudyonSinamicroblogDataAcquisitionTechnology[J].
InformationSecurityandCommunicationsPrivacy.
2013(06):71-73.
[6]ZhaoLing,ZhangJing.
Multi-dimensionalAnalysisofMicroblogUserBehaviorResearch[J].
InformationandDocumentationServices.
2013(05).
[7]ChenPeng,ShuiJinguang.
StatisticalAnalysisofMicroblogUserTypicalBehaviorbasedonIndividualProperty[J].
KnowledgeManagementForum.
2013(05).
[8]ChenCN,TsoR,YangCH.
DesignandImplementationofDigitalForensicSoftwareforiPhone[C]//InformationSecurity(AsiaJCIS),2013EighthAsiaJointConferenceon.
IEEE,2013:90-95.
[9]LevinsonA,StackpoleB,JohnsonD.
Thirdpartyapplicationforensicsonapplemobiledevices[C]//SystemSciences(HICSS),201144thHawaiiInternationalConferenceon.
IEEE,2011:1-9.
[10]XUXiao-dong,XIAOYin-tao,ZHUShi-rui.
SimulationInvestigationofRumorPropagationinMicrobloggingCommunity[J].
ComputerEngineering.
2011,37(10):272-274.
achenlong@cqupt.
edu.
cn,bwangyongqing123@163.
comKeywords:Microblog,userbehaviour,iOSdataacquisition.
Abstract.
Microblog,anewnetworkapplicationintheeraofWeb2.
0,hasbecomeoneofthemajormediuminChina.
Itsmainfeaturesareasfollowings:largenumberofusers,frequentstatusofupdatinginformation,fasttransmissionspeedofinformation.
ThewritertookSinaWeiboiPhoneAppasanexampletostudythebehaviorofindividualcharacteristicsofmicroblogusersbyanalyzingthedatafromsamplesgeneratedbyusingmicroblog.
IntroductionDuetothepopularityandprevalenceofsmartphones,thenumberofthird-partymobileapplicationsincreasesrapidly.
ThenumberofmobileapplicationsinApple'sofficialAppStorehasreached1.
49millionbyJanuary2015[1].
Manyapplicationsaremakingthefeature-richsmartphones.
Therearemanypotentialevidenceforforensicsworkers.
Foreignresearchinthefieldofthird-partyapplicationsfocusesonFacebook,TwitterandMySpace.
Themainstudyfocusesonanalyzinguser'ssocialnetworkingactivityandwhetherthedatastoredinthemainmemoryandthemobilephonecanberestored[2].
DomesticresearchinthisfieldfocusesonWechatandSinaMicroblog.
ForWechat,themainstudyfocusesonanalyzingthefiledirectorystructure[3]andgettingtheaudiofile[4].
ForSinaMicroblog,therearetwomethodsofextractingthedataofSinaMicroblog:acquiringinformationbasedonSinaMicro-BlogOpenPlatformandacquiringinformationbasedonnetworkdataflow[5].
ButwiththedevelopmentofmobileInternet,manySinaMicroblogusersbegintousemobileclientotherthanPCclient,andthereisnorelevantresearchondataextractionofSinaMicroblogApp.
ThewritertookSinaMicroblogiPhoneAppasanexampletoextractsomeimportantdataofSinaMicroblogiPhoneApp,thenanalyzedthedirectorystructureofmicroblogbackupfileandrelevantimportantdata.
ThemethodmentionedinthispapercanhelpforensicinvestigatoracquiresomeimportantdataofSinaMicroblogquicklyandanalyzetheuserbehavioreasily.
MicroblogUserBehaviorMicroblog,asakindofnewinformationcommunicationplatform,cansatisfyourdifferentrequirements,suchasinformationacquisition,informationcommunicationandinformationsharingetc[6].
OntheInternet,therearethreemaintypicalbehaviorsofMicroblogusers:followothers,befollowedbyothers,totweet.
Thefirstoneisakindofbehaviorthattheuseracquiressomeinformationbyfollowingotherusers.
Thesecondoneisakindofbehaviorthattheuseraffectsotherusersthroughbeingfollowedbyothers.
Thethirdoneisakindofbehaviorthattheuserwritestwitterandspreadsinformation.
ThegreaterthenumberofMicroblogbeingcreatedandreposted,thelargertheinformationbeingtransferredbytheuser[7].
DataAcquisitionTherearethreewaystoacquiredatafromiOSdevices:acquiredatafrombackupfile,acquiredatabylogicalmethodandacquiredatabyphysicalmethod.
ThispaperfocusesonhowtoacquiredatafromiOSdevicesbybackupfile.
iPhonebackupsdatabyusingiTunesaccordingtosomesynchronousprotocolsaboutMACOS,sowecanacquiredatafromthebackupdirectoriesstoredinthecomputer.
However,onlythefiledatasynchronizedexactlybysynchronousprotocolcanbeacquirebythismethod.
DifferentoperatingsystemhasdifferentstoragelocationwheniPhonebackupsdatabyusingiTunes,thedetailinformationisshownintable1.
Table1.
backupfile'sstoragelocationofusingiTunesOperationsystemlocationWindowsXPWindowsVista/Windows7MacOSXC:\documentsandsetting\\ApplicationData\AppleComputer\MobleSync\BackupC:\Users\\AppData\Roaming\AppleComputer\MobleSync\BackupUsers//Library/ApplicationSupport/MobileSync/Backup/Alargenumberofkeyinformationcanberecoveredbyusingthemethodmentionedabove.
Frequently-useddataisusuallystoredintheSQLitedatabaseandsomepropertylistfile,assynchronousprotocolcansupportsynchronousoperationoftheSQLdatabaseandsomepropertylistfile.
ForensicanalysisofiPhonethird-partyapplicationTheforensicanalysisofthedatageneratedbyiPhonethird-partyapplicationconsistsofthreeparts:analyzingfileanddirectorystructure,analyzingdatabase/plistfile,correlationanalysis.
IOSdevicecontainsalargenumberofvarioustypesofdata,includingsomedatarelatedwithmobilephoneandbuilt-inapplications,suchascalllog,contacts,shortmessages,photosandthecachefilesofSafaribrowseretc.
Inadditiontothis,iOSalsocontainsthedatageneratedbythethirdpartyapplicationswhicharefromAppStore.
IOSdevicehastwokindsofstorageformats:oneispropertylistfile(plist)inbinaryform,it'susedtostoresomesetupinformation;anotherisSQLitedatabase,it'susedtostorepersonalinformation[8].
Analyzingfileanddirectorystructure.
EveryiOSapplicationhasitsownsandbox,thesandboxisaspecialfilesystemdirectorywhichisseparatedfromotherfiledirectories.
Itcanpreventanyapplicationtoexchangedatawithotherapplications.
Thethird-partyappsofiPhoneareusuallystoredin/private/var/mobile/Applications.
Everythird-partyapphastwodirectories:/Documentsand/Library,thefirstdirectorycontainssomedocumentinformation,theseconddirectorycontainspreferencesettingsandsomecachefiles[9].
Butdifferentthirdpartyapplicationhasdifferentstoragelocationandformat.
Analyzingdatabase/plistfile.
SQLitedatabaseisoneofthemostcommondatatypeforstorage,it'smainlyfoundinthemobileapplicationdevelopment.
ManyapplicationsintheiOSuseSQLitetostoredata.
Manyimportantdata(suchasContacts,ShortMessages,CallHistoryetc)arestoredintheformofSQLitedatabase,thesedataareencodedinUTF-8.
PropertyListfileismainlyusedtostoreserializedobjects.
Thefilenameextensionis.
plist,soit'susuallycalledplistfile.
Plistfileisusuallytostoreusersettingsandextrainformation.
Plistfileisconsistofthreeclasseswithhierarchicalstructure:CocoaFoundation、CoreFoundationandXML,allnodesaredisplayedinalist.
Correlationanalysis.
Althoughthesefilesincludemanyimportantinformation,suchastheuniqueIDofvisitingsocialnetworksite,specialdata,whereandwhentheeventistakingplace.
AnalyzingSinaMicroblogThispaperwilltakeSinaMicroblogiPhoneAppasanexampletodiscusshowtoanalyzeMicroblogusers'behaviorforforensicinvestigator.
Thisworkincludestwosteps:extractimportantbackupfiledatarelatedwithSinaMicroblogusers'behavior,andanalyzeSinaMicroblogdirectorystructure,importantdatabaseandplistfile.
Asthebackfilesareallencryptedfiles,wecanusesomeforensictoolstorestoretheseencryptedfiles,twotoolsusedinthispaperareiBackupBotforiTunes.
Fig1showsthedirectorystructurediagramofusingiPhoneDataRecoverytorestoreSinaMicroblog,SinaMicrobloghastwodirectories:/Documentsand/Library,thefirstdirectoryisusedtostoredocumentinformation,thesecondoneisusedtostorepreferencesettingsandcacheinformation.
Fig1.
DirectoryStructureofSinaMicroblogImportantinformationofSinaMicroblogiPhoneAppisstoredinaSQLitedatabasecalledDocuments/db_42500_1992761734.
dat,thelasttendigits(1992761734)istheuniqueidoftheuser.
Thenwecanknowthatthefilenameofthisdatabasefileinthebackupfilesis4ab36716f9ce19991ac7950591b2c06475e5d21ebycomputingthehashvalue(sha1)ofppDomain-com.
sina.
microblog-Documents/db_42500_1992761734.
dat.
Thenwecanfindseveraltablesinthisdatabasefile,thedetailinformationisshowninFig2.
Fig2.
SQLitefileIt'seasytoanalyzetherelationshipbetweenthedatacontentandcorrespondingMicrobloginformationbyviewingthestructureofeachtable.
Eachtableinthedatabase(db_42500_1992761734.
dat)hasdifferentfunctions,thedetailinformationisshownasfollowings:contact_group_count:Thistableisusedtorecordtheamountofusersineachgroupoffolloingotherusers.
contact_groups:Thistableisusedtorecordsomeinformationaboutbeingfollowedbyotherusers,includingtheGIDandnameofeachgroup.
contact_x_group:Thistableisusedtorecordtheuserslistofbeingfollowedbyothers,includinguserIDandthegroupIDofeachgroup.
contacts:Thistableisusedtorecordtheuserslistoffollowingothers,includingusernameanduserIDetc.
pm_conversations:Thistableisusedtorecordthelistofuser'sMicroblogprivatemessages,includingthenewestrecordofprivatemessagewitheachuser.
pm_messages:ThistableisusedtorecordtheMicroblogmessagelist.
microblogs:ThistableisusedtorecordMicrobloginformationbyuser'stimeline,includingthecontentofMicroblogmessage,theauthorofMicroblogmessage,userID,posttime,theamountofforwarding,thenameofMicroblogclient,geographicalpositioninformation,thelinkofpictureattachedtoMicroblogmessageandsoon.
Twokindsoftypicaluserbehaviors,"Follow"and"Befollowed",formthebasisofMicrobloguser'ssocialnetwork[10].
Wecanacquiretheuserslistoffollowingothersfromthecontactstable.
Thecontactstablecandirectlyreflecttheuser'sintereststowardsdifferentkindofinformation.
Ifwewanttoknowtheuser'ssocialnetworkinformation,weshouldviewtheuser'sfanslistfromcontact_x_grouptable.
User-postedMicroblogmessagesarerecordedinweibotablebytimeline.
Thelast50microblogrecordsarestoredinthemobileclient,theserecordsincludethemicroblogmessagespostedorbrowseredbytheuser.
TheinformationrecordedinthemicroblogtableisveryimportantforstudyingforensicinvestigationofMicrobloguser'sbehavior.
hedetailinformationofeachfieldandthecorrespondingmeaningisshowninTable2Table2theinformationofweibotableFieldStoredinformationStoreddatatypenickUsernicknameNSStringuidTheuniqueIDofuserNSNumeber(intValue)portraitImageInformationNSStringconcentThebodyofpostedMicroblogNSStringpicEmbeddedpictureintheMicroblogNSStringdatelineThedateofpostingMicroblogNSDatertrootuidTheuniqueIDofthepostedMicroblogNSNumeber(intValue)rtrootnickThenicknameofthepostedMicroblogNSStringrtreasonThecommentcontentofforwardedMicroblogNSStringsourceTheappofpostingMicroblogNSStringlongitudeLongitudeNSNumber(floatValue)latitudeLatitudeNSNumber(floatValue)url_structsThelinkinformationembeddedintheMicroblogNSDictionarypage_infoPageinformation(position,topicetc)NSDictionarytopic_structsTopicinformation(thelinkandtitleofthetopic)NSDictionarypic_id_infosThepictureembeddedinthepostedMicroblogNSDictionaryextra_propertiesExtrainformation(Ifthevalueofrelationis0,itindicatesthatthismessageispostedbytheuser;ifthevalueofrelationis1,itindicatesthatthismessageisthepublichomepage'smicroblogmessagewhichisbrowseredbytheuser.
)NSDictionaryTheforensicinvestigatorcanobtainmanyusefulinformationbyanalyzingtheimportantfieldsinweibotable,suchasuser-postedmicroblogmessages,thepublichomepage'smicroblogmessageswhicharebrowseredbytheuser,wheretheuserpostedthemicroblogmessage.
Inadditiontothis,theuser'strackduringaperiodoftimecanbeobtainedbyanalyzingtheinformationoflongitudeandlatitude,thentheforensicinvestigatorcananalyzeMicroblogusers'behaviorfromthepointoftimeandspacerelations.
Exceptforthis,wecandirectlyvisittheuser'sMicrobloghomepagebyenteringtheURL:http://microblog.
com/0000000000inthebrowser'saddressbartovalidatewhethertheIDnumberintheURLbelongstotheuser.
WecanacquireallkindsofdataofMicroblogbycallingAPIinterfaceprovidedbySina,includingpersonalprofileinformation,geographicalpositioninformation,dynamicinteractioninformation,user'sfansinformation.
SummaryAtpresent,theresearchofMicrobloguser'sbehaviorandacquiringMicroblogdataareconductedseparately,buttheyareinseparableforforensicworkers.
Onthisbasis,thispapertookSinaMicroblogiPhoneAppasanexampleandproposedanewmethod:firstlyextractdatafromMicroblogapp,thenmakeanalyzeuserbehaviorforthepurposeofforensicanalysis,thismethodcanbeappliedtootherMicroblogapp,too.
AcknowledgementsThisworkissupportedbyNationalSocialScienceFoundationProjectofP.
R.
China(No.
14BFX156),NaturalScienceFoundationProjectofCQCSTCofP.
R.
China(No.
cstc2011jjA40031).
References[1]Informationonhttp://www.
pocketgamer.
biz/metrics/app-store/[2]MutawaNA,BaggiliI,MarringtonA.
Forensicanalysisofsocialnetworkingapplicationsonmobiledevices[J].
DigitalInvestigation,2012,9(15):S24–S33.
[3]GaoF,ZhangY.
AnalysisofWeChatoniPhone[C]//2ndInternationalSymposiumonComputer,Communication,ControlandAutomation.
AtlantisPress,2013.
[4]DuJiang,WangCong.
iPhonethird-partysoftwareforensicsresearch[J].
ComputerCDSoftwareandApplications.
2013,(13):53-54.
[5]HUANGYan-wei,LIUJia-yong.
StudyonSinamicroblogDataAcquisitionTechnology[J].
InformationSecurityandCommunicationsPrivacy.
2013(06):71-73.
[6]ZhaoLing,ZhangJing.
Multi-dimensionalAnalysisofMicroblogUserBehaviorResearch[J].
InformationandDocumentationServices.
2013(05).
[7]ChenPeng,ShuiJinguang.
StatisticalAnalysisofMicroblogUserTypicalBehaviorbasedonIndividualProperty[J].
KnowledgeManagementForum.
2013(05).
[8]ChenCN,TsoR,YangCH.
DesignandImplementationofDigitalForensicSoftwareforiPhone[C]//InformationSecurity(AsiaJCIS),2013EighthAsiaJointConferenceon.
IEEE,2013:90-95.
[9]LevinsonA,StackpoleB,JohnsonD.
Thirdpartyapplicationforensicsonapplemobiledevices[C]//SystemSciences(HICSS),201144thHawaiiInternationalConferenceon.
IEEE,2011:1-9.
[10]XUXiao-dong,XIAOYin-tao,ZHUShi-rui.
SimulationInvestigationofRumorPropagationinMicrobloggingCommunity[J].
ComputerEngineering.
2011,37(10):272-274.
- Vista新浪博客搬家工具相关文档
- 民族新浪博客搬家工具
- 运动新浪博客搬家工具
- 新闻评论之名栏追踪
- "序号","网站名称"
- models新浪博客搬家工具
- 新闻标题:寻找搬家公司四大渠道
sharktech:老牌高防服务器商,跳楼价,1G独享$70、10G共享$240、10G独享$800
不知道大家是否注意到sharktech的所有服务器的带宽价格全部跳楼跳水,降幅简直不忍直视了,还没有见过这么便宜的独立服务器。根据不同的机房,价格也是不一样的。大带宽、不限流量比较适合建站、数据备份、做下载、做流媒体、做CDN等多种业务。 官方网站:https://www.sharktech.net 付款方式:比特币、信用卡、PayPal、支付宝、西联汇款 以最贵的洛杉矶机器为例,配置表如...
PacificRack(19.9美元/年)内存1Gbps带vps1GB洛杉矶QN机房,七月特价优惠
pacificrack怎么样?pacificrack商家发布了七月最新优惠VPS云服务器计划方案,推出新款优惠便宜VPS云服务器采用的是国产魔方管理系统,也就是PR-M系列,全系基于KVM虚拟架构,这次支持Windows server 2003、2008R2、2012R2、2016、2019、Windows 7、Windows 10以及Linux等操作系统,最低配置为1核心2G内存1Gbps带宽1...
wordpress投资主题模版 白银黄金贵金属金融投资网站主题
wordpress投资主题模版是一套适合白银、黄金、贵金属投资网站主题模板,绿色大气金融投资类网站主题,专业高级自适应多设备企业CMS建站主题 完善的外贸企业建站功能模块 + 高效通用的后台自定义设置,简洁大气的网站风格设计 + 更利于SEO搜索优化和站点收录排名!点击进入:wordpress投资主题模版安装环境:运行环境:PHP 7.0+, MYSQL 5.6 ( 最低主机需求 )最新兼容:完美...
新浪博客搬家工具为你推荐
-
金士顿内存卡价格金士顿16G和32G内存卡 价格视频制作软件哪个好哪个 制作视频的软件 比较好用而且是免费的?中文的滚筒洗衣机和波轮洗衣机哪个好一分钟看懂滚筒洗衣机和波轮洗衣机 滚筒洗衣机和波轮洗衣机哪个好朗逸和速腾哪个好速腾和朗逸哪个更好?三国游戏哪个好玩三国类的游戏哪些好玩点海克斯皮肤哪个好海克斯安妮和摄魂薇恩哪个好 需要多少宝石p图软件哪个好有什么P图工具比较好用qq空间登录器QQ空间校友网页自动登陆器yy空间登录怎么搞YY空间yy空间登录怎么登陆YY空间