Vista新浪博客搬家工具
新浪博客搬家工具 时间:2021-01-26 阅读:()
ForensicAnalysistowardstheuserbehaviorofSinamicroblogLongChen1,a,Yong-QingWang2,b1,2Departmentofcomputer,ChongqingUniversityofPostsandTelecommunications,Chongqing,400065,China.
achenlong@cqupt.
edu.
cn,bwangyongqing123@163.
comKeywords:Microblog,userbehaviour,iOSdataacquisition.
Abstract.
Microblog,anewnetworkapplicationintheeraofWeb2.
0,hasbecomeoneofthemajormediuminChina.
Itsmainfeaturesareasfollowings:largenumberofusers,frequentstatusofupdatinginformation,fasttransmissionspeedofinformation.
ThewritertookSinaWeiboiPhoneAppasanexampletostudythebehaviorofindividualcharacteristicsofmicroblogusersbyanalyzingthedatafromsamplesgeneratedbyusingmicroblog.
IntroductionDuetothepopularityandprevalenceofsmartphones,thenumberofthird-partymobileapplicationsincreasesrapidly.
ThenumberofmobileapplicationsinApple'sofficialAppStorehasreached1.
49millionbyJanuary2015[1].
Manyapplicationsaremakingthefeature-richsmartphones.
Therearemanypotentialevidenceforforensicsworkers.
Foreignresearchinthefieldofthird-partyapplicationsfocusesonFacebook,TwitterandMySpace.
Themainstudyfocusesonanalyzinguser'ssocialnetworkingactivityandwhetherthedatastoredinthemainmemoryandthemobilephonecanberestored[2].
DomesticresearchinthisfieldfocusesonWechatandSinaMicroblog.
ForWechat,themainstudyfocusesonanalyzingthefiledirectorystructure[3]andgettingtheaudiofile[4].
ForSinaMicroblog,therearetwomethodsofextractingthedataofSinaMicroblog:acquiringinformationbasedonSinaMicro-BlogOpenPlatformandacquiringinformationbasedonnetworkdataflow[5].
ButwiththedevelopmentofmobileInternet,manySinaMicroblogusersbegintousemobileclientotherthanPCclient,andthereisnorelevantresearchondataextractionofSinaMicroblogApp.
ThewritertookSinaMicroblogiPhoneAppasanexampletoextractsomeimportantdataofSinaMicroblogiPhoneApp,thenanalyzedthedirectorystructureofmicroblogbackupfileandrelevantimportantdata.
ThemethodmentionedinthispapercanhelpforensicinvestigatoracquiresomeimportantdataofSinaMicroblogquicklyandanalyzetheuserbehavioreasily.
MicroblogUserBehaviorMicroblog,asakindofnewinformationcommunicationplatform,cansatisfyourdifferentrequirements,suchasinformationacquisition,informationcommunicationandinformationsharingetc[6].
OntheInternet,therearethreemaintypicalbehaviorsofMicroblogusers:followothers,befollowedbyothers,totweet.
Thefirstoneisakindofbehaviorthattheuseracquiressomeinformationbyfollowingotherusers.
Thesecondoneisakindofbehaviorthattheuseraffectsotherusersthroughbeingfollowedbyothers.
Thethirdoneisakindofbehaviorthattheuserwritestwitterandspreadsinformation.
ThegreaterthenumberofMicroblogbeingcreatedandreposted,thelargertheinformationbeingtransferredbytheuser[7].
DataAcquisitionTherearethreewaystoacquiredatafromiOSdevices:acquiredatafrombackupfile,acquiredatabylogicalmethodandacquiredatabyphysicalmethod.
ThispaperfocusesonhowtoacquiredatafromiOSdevicesbybackupfile.
iPhonebackupsdatabyusingiTunesaccordingtosomesynchronousprotocolsaboutMACOS,sowecanacquiredatafromthebackupdirectoriesstoredinthecomputer.
However,onlythefiledatasynchronizedexactlybysynchronousprotocolcanbeacquirebythismethod.
DifferentoperatingsystemhasdifferentstoragelocationwheniPhonebackupsdatabyusingiTunes,thedetailinformationisshownintable1.
Table1.
backupfile'sstoragelocationofusingiTunesOperationsystemlocationWindowsXPWindowsVista/Windows7MacOSXC:\documentsandsetting\\ApplicationData\AppleComputer\MobleSync\BackupC:\Users\\AppData\Roaming\AppleComputer\MobleSync\BackupUsers//Library/ApplicationSupport/MobileSync/Backup/Alargenumberofkeyinformationcanberecoveredbyusingthemethodmentionedabove.
Frequently-useddataisusuallystoredintheSQLitedatabaseandsomepropertylistfile,assynchronousprotocolcansupportsynchronousoperationoftheSQLdatabaseandsomepropertylistfile.
ForensicanalysisofiPhonethird-partyapplicationTheforensicanalysisofthedatageneratedbyiPhonethird-partyapplicationconsistsofthreeparts:analyzingfileanddirectorystructure,analyzingdatabase/plistfile,correlationanalysis.
IOSdevicecontainsalargenumberofvarioustypesofdata,includingsomedatarelatedwithmobilephoneandbuilt-inapplications,suchascalllog,contacts,shortmessages,photosandthecachefilesofSafaribrowseretc.
Inadditiontothis,iOSalsocontainsthedatageneratedbythethirdpartyapplicationswhicharefromAppStore.
IOSdevicehastwokindsofstorageformats:oneispropertylistfile(plist)inbinaryform,it'susedtostoresomesetupinformation;anotherisSQLitedatabase,it'susedtostorepersonalinformation[8].
Analyzingfileanddirectorystructure.
EveryiOSapplicationhasitsownsandbox,thesandboxisaspecialfilesystemdirectorywhichisseparatedfromotherfiledirectories.
Itcanpreventanyapplicationtoexchangedatawithotherapplications.
Thethird-partyappsofiPhoneareusuallystoredin/private/var/mobile/Applications.
Everythird-partyapphastwodirectories:/Documentsand/Library,thefirstdirectorycontainssomedocumentinformation,theseconddirectorycontainspreferencesettingsandsomecachefiles[9].
Butdifferentthirdpartyapplicationhasdifferentstoragelocationandformat.
Analyzingdatabase/plistfile.
SQLitedatabaseisoneofthemostcommondatatypeforstorage,it'smainlyfoundinthemobileapplicationdevelopment.
ManyapplicationsintheiOSuseSQLitetostoredata.
Manyimportantdata(suchasContacts,ShortMessages,CallHistoryetc)arestoredintheformofSQLitedatabase,thesedataareencodedinUTF-8.
PropertyListfileismainlyusedtostoreserializedobjects.
Thefilenameextensionis.
plist,soit'susuallycalledplistfile.
Plistfileisusuallytostoreusersettingsandextrainformation.
Plistfileisconsistofthreeclasseswithhierarchicalstructure:CocoaFoundation、CoreFoundationandXML,allnodesaredisplayedinalist.
Correlationanalysis.
Althoughthesefilesincludemanyimportantinformation,suchastheuniqueIDofvisitingsocialnetworksite,specialdata,whereandwhentheeventistakingplace.
AnalyzingSinaMicroblogThispaperwilltakeSinaMicroblogiPhoneAppasanexampletodiscusshowtoanalyzeMicroblogusers'behaviorforforensicinvestigator.
Thisworkincludestwosteps:extractimportantbackupfiledatarelatedwithSinaMicroblogusers'behavior,andanalyzeSinaMicroblogdirectorystructure,importantdatabaseandplistfile.
Asthebackfilesareallencryptedfiles,wecanusesomeforensictoolstorestoretheseencryptedfiles,twotoolsusedinthispaperareiBackupBotforiTunes.
Fig1showsthedirectorystructurediagramofusingiPhoneDataRecoverytorestoreSinaMicroblog,SinaMicrobloghastwodirectories:/Documentsand/Library,thefirstdirectoryisusedtostoredocumentinformation,thesecondoneisusedtostorepreferencesettingsandcacheinformation.
Fig1.
DirectoryStructureofSinaMicroblogImportantinformationofSinaMicroblogiPhoneAppisstoredinaSQLitedatabasecalledDocuments/db_42500_1992761734.
dat,thelasttendigits(1992761734)istheuniqueidoftheuser.
Thenwecanknowthatthefilenameofthisdatabasefileinthebackupfilesis4ab36716f9ce19991ac7950591b2c06475e5d21ebycomputingthehashvalue(sha1)ofppDomain-com.
sina.
microblog-Documents/db_42500_1992761734.
dat.
Thenwecanfindseveraltablesinthisdatabasefile,thedetailinformationisshowninFig2.
Fig2.
SQLitefileIt'seasytoanalyzetherelationshipbetweenthedatacontentandcorrespondingMicrobloginformationbyviewingthestructureofeachtable.
Eachtableinthedatabase(db_42500_1992761734.
dat)hasdifferentfunctions,thedetailinformationisshownasfollowings:contact_group_count:Thistableisusedtorecordtheamountofusersineachgroupoffolloingotherusers.
contact_groups:Thistableisusedtorecordsomeinformationaboutbeingfollowedbyotherusers,includingtheGIDandnameofeachgroup.
contact_x_group:Thistableisusedtorecordtheuserslistofbeingfollowedbyothers,includinguserIDandthegroupIDofeachgroup.
contacts:Thistableisusedtorecordtheuserslistoffollowingothers,includingusernameanduserIDetc.
pm_conversations:Thistableisusedtorecordthelistofuser'sMicroblogprivatemessages,includingthenewestrecordofprivatemessagewitheachuser.
pm_messages:ThistableisusedtorecordtheMicroblogmessagelist.
microblogs:ThistableisusedtorecordMicrobloginformationbyuser'stimeline,includingthecontentofMicroblogmessage,theauthorofMicroblogmessage,userID,posttime,theamountofforwarding,thenameofMicroblogclient,geographicalpositioninformation,thelinkofpictureattachedtoMicroblogmessageandsoon.
Twokindsoftypicaluserbehaviors,"Follow"and"Befollowed",formthebasisofMicrobloguser'ssocialnetwork[10].
Wecanacquiretheuserslistoffollowingothersfromthecontactstable.
Thecontactstablecandirectlyreflecttheuser'sintereststowardsdifferentkindofinformation.
Ifwewanttoknowtheuser'ssocialnetworkinformation,weshouldviewtheuser'sfanslistfromcontact_x_grouptable.
User-postedMicroblogmessagesarerecordedinweibotablebytimeline.
Thelast50microblogrecordsarestoredinthemobileclient,theserecordsincludethemicroblogmessagespostedorbrowseredbytheuser.
TheinformationrecordedinthemicroblogtableisveryimportantforstudyingforensicinvestigationofMicrobloguser'sbehavior.
hedetailinformationofeachfieldandthecorrespondingmeaningisshowninTable2Table2theinformationofweibotableFieldStoredinformationStoreddatatypenickUsernicknameNSStringuidTheuniqueIDofuserNSNumeber(intValue)portraitImageInformationNSStringconcentThebodyofpostedMicroblogNSStringpicEmbeddedpictureintheMicroblogNSStringdatelineThedateofpostingMicroblogNSDatertrootuidTheuniqueIDofthepostedMicroblogNSNumeber(intValue)rtrootnickThenicknameofthepostedMicroblogNSStringrtreasonThecommentcontentofforwardedMicroblogNSStringsourceTheappofpostingMicroblogNSStringlongitudeLongitudeNSNumber(floatValue)latitudeLatitudeNSNumber(floatValue)url_structsThelinkinformationembeddedintheMicroblogNSDictionarypage_infoPageinformation(position,topicetc)NSDictionarytopic_structsTopicinformation(thelinkandtitleofthetopic)NSDictionarypic_id_infosThepictureembeddedinthepostedMicroblogNSDictionaryextra_propertiesExtrainformation(Ifthevalueofrelationis0,itindicatesthatthismessageispostedbytheuser;ifthevalueofrelationis1,itindicatesthatthismessageisthepublichomepage'smicroblogmessagewhichisbrowseredbytheuser.
)NSDictionaryTheforensicinvestigatorcanobtainmanyusefulinformationbyanalyzingtheimportantfieldsinweibotable,suchasuser-postedmicroblogmessages,thepublichomepage'smicroblogmessageswhicharebrowseredbytheuser,wheretheuserpostedthemicroblogmessage.
Inadditiontothis,theuser'strackduringaperiodoftimecanbeobtainedbyanalyzingtheinformationoflongitudeandlatitude,thentheforensicinvestigatorcananalyzeMicroblogusers'behaviorfromthepointoftimeandspacerelations.
Exceptforthis,wecandirectlyvisittheuser'sMicrobloghomepagebyenteringtheURL:http://microblog.
com/0000000000inthebrowser'saddressbartovalidatewhethertheIDnumberintheURLbelongstotheuser.
WecanacquireallkindsofdataofMicroblogbycallingAPIinterfaceprovidedbySina,includingpersonalprofileinformation,geographicalpositioninformation,dynamicinteractioninformation,user'sfansinformation.
SummaryAtpresent,theresearchofMicrobloguser'sbehaviorandacquiringMicroblogdataareconductedseparately,buttheyareinseparableforforensicworkers.
Onthisbasis,thispapertookSinaMicroblogiPhoneAppasanexampleandproposedanewmethod:firstlyextractdatafromMicroblogapp,thenmakeanalyzeuserbehaviorforthepurposeofforensicanalysis,thismethodcanbeappliedtootherMicroblogapp,too.
AcknowledgementsThisworkissupportedbyNationalSocialScienceFoundationProjectofP.
R.
China(No.
14BFX156),NaturalScienceFoundationProjectofCQCSTCofP.
R.
China(No.
cstc2011jjA40031).
References[1]Informationonhttp://www.
pocketgamer.
biz/metrics/app-store/[2]MutawaNA,BaggiliI,MarringtonA.
Forensicanalysisofsocialnetworkingapplicationsonmobiledevices[J].
DigitalInvestigation,2012,9(15):S24–S33.
[3]GaoF,ZhangY.
AnalysisofWeChatoniPhone[C]//2ndInternationalSymposiumonComputer,Communication,ControlandAutomation.
AtlantisPress,2013.
[4]DuJiang,WangCong.
iPhonethird-partysoftwareforensicsresearch[J].
ComputerCDSoftwareandApplications.
2013,(13):53-54.
[5]HUANGYan-wei,LIUJia-yong.
StudyonSinamicroblogDataAcquisitionTechnology[J].
InformationSecurityandCommunicationsPrivacy.
2013(06):71-73.
[6]ZhaoLing,ZhangJing.
Multi-dimensionalAnalysisofMicroblogUserBehaviorResearch[J].
InformationandDocumentationServices.
2013(05).
[7]ChenPeng,ShuiJinguang.
StatisticalAnalysisofMicroblogUserTypicalBehaviorbasedonIndividualProperty[J].
KnowledgeManagementForum.
2013(05).
[8]ChenCN,TsoR,YangCH.
DesignandImplementationofDigitalForensicSoftwareforiPhone[C]//InformationSecurity(AsiaJCIS),2013EighthAsiaJointConferenceon.
IEEE,2013:90-95.
[9]LevinsonA,StackpoleB,JohnsonD.
Thirdpartyapplicationforensicsonapplemobiledevices[C]//SystemSciences(HICSS),201144thHawaiiInternationalConferenceon.
IEEE,2011:1-9.
[10]XUXiao-dong,XIAOYin-tao,ZHUShi-rui.
SimulationInvestigationofRumorPropagationinMicrobloggingCommunity[J].
ComputerEngineering.
2011,37(10):272-274.
achenlong@cqupt.
edu.
cn,bwangyongqing123@163.
comKeywords:Microblog,userbehaviour,iOSdataacquisition.
Abstract.
Microblog,anewnetworkapplicationintheeraofWeb2.
0,hasbecomeoneofthemajormediuminChina.
Itsmainfeaturesareasfollowings:largenumberofusers,frequentstatusofupdatinginformation,fasttransmissionspeedofinformation.
ThewritertookSinaWeiboiPhoneAppasanexampletostudythebehaviorofindividualcharacteristicsofmicroblogusersbyanalyzingthedatafromsamplesgeneratedbyusingmicroblog.
IntroductionDuetothepopularityandprevalenceofsmartphones,thenumberofthird-partymobileapplicationsincreasesrapidly.
ThenumberofmobileapplicationsinApple'sofficialAppStorehasreached1.
49millionbyJanuary2015[1].
Manyapplicationsaremakingthefeature-richsmartphones.
Therearemanypotentialevidenceforforensicsworkers.
Foreignresearchinthefieldofthird-partyapplicationsfocusesonFacebook,TwitterandMySpace.
Themainstudyfocusesonanalyzinguser'ssocialnetworkingactivityandwhetherthedatastoredinthemainmemoryandthemobilephonecanberestored[2].
DomesticresearchinthisfieldfocusesonWechatandSinaMicroblog.
ForWechat,themainstudyfocusesonanalyzingthefiledirectorystructure[3]andgettingtheaudiofile[4].
ForSinaMicroblog,therearetwomethodsofextractingthedataofSinaMicroblog:acquiringinformationbasedonSinaMicro-BlogOpenPlatformandacquiringinformationbasedonnetworkdataflow[5].
ButwiththedevelopmentofmobileInternet,manySinaMicroblogusersbegintousemobileclientotherthanPCclient,andthereisnorelevantresearchondataextractionofSinaMicroblogApp.
ThewritertookSinaMicroblogiPhoneAppasanexampletoextractsomeimportantdataofSinaMicroblogiPhoneApp,thenanalyzedthedirectorystructureofmicroblogbackupfileandrelevantimportantdata.
ThemethodmentionedinthispapercanhelpforensicinvestigatoracquiresomeimportantdataofSinaMicroblogquicklyandanalyzetheuserbehavioreasily.
MicroblogUserBehaviorMicroblog,asakindofnewinformationcommunicationplatform,cansatisfyourdifferentrequirements,suchasinformationacquisition,informationcommunicationandinformationsharingetc[6].
OntheInternet,therearethreemaintypicalbehaviorsofMicroblogusers:followothers,befollowedbyothers,totweet.
Thefirstoneisakindofbehaviorthattheuseracquiressomeinformationbyfollowingotherusers.
Thesecondoneisakindofbehaviorthattheuseraffectsotherusersthroughbeingfollowedbyothers.
Thethirdoneisakindofbehaviorthattheuserwritestwitterandspreadsinformation.
ThegreaterthenumberofMicroblogbeingcreatedandreposted,thelargertheinformationbeingtransferredbytheuser[7].
DataAcquisitionTherearethreewaystoacquiredatafromiOSdevices:acquiredatafrombackupfile,acquiredatabylogicalmethodandacquiredatabyphysicalmethod.
ThispaperfocusesonhowtoacquiredatafromiOSdevicesbybackupfile.
iPhonebackupsdatabyusingiTunesaccordingtosomesynchronousprotocolsaboutMACOS,sowecanacquiredatafromthebackupdirectoriesstoredinthecomputer.
However,onlythefiledatasynchronizedexactlybysynchronousprotocolcanbeacquirebythismethod.
DifferentoperatingsystemhasdifferentstoragelocationwheniPhonebackupsdatabyusingiTunes,thedetailinformationisshownintable1.
Table1.
backupfile'sstoragelocationofusingiTunesOperationsystemlocationWindowsXPWindowsVista/Windows7MacOSXC:\documentsandsetting\\ApplicationData\AppleComputer\MobleSync\BackupC:\Users\\AppData\Roaming\AppleComputer\MobleSync\BackupUsers//Library/ApplicationSupport/MobileSync/Backup/Alargenumberofkeyinformationcanberecoveredbyusingthemethodmentionedabove.
Frequently-useddataisusuallystoredintheSQLitedatabaseandsomepropertylistfile,assynchronousprotocolcansupportsynchronousoperationoftheSQLdatabaseandsomepropertylistfile.
ForensicanalysisofiPhonethird-partyapplicationTheforensicanalysisofthedatageneratedbyiPhonethird-partyapplicationconsistsofthreeparts:analyzingfileanddirectorystructure,analyzingdatabase/plistfile,correlationanalysis.
IOSdevicecontainsalargenumberofvarioustypesofdata,includingsomedatarelatedwithmobilephoneandbuilt-inapplications,suchascalllog,contacts,shortmessages,photosandthecachefilesofSafaribrowseretc.
Inadditiontothis,iOSalsocontainsthedatageneratedbythethirdpartyapplicationswhicharefromAppStore.
IOSdevicehastwokindsofstorageformats:oneispropertylistfile(plist)inbinaryform,it'susedtostoresomesetupinformation;anotherisSQLitedatabase,it'susedtostorepersonalinformation[8].
Analyzingfileanddirectorystructure.
EveryiOSapplicationhasitsownsandbox,thesandboxisaspecialfilesystemdirectorywhichisseparatedfromotherfiledirectories.
Itcanpreventanyapplicationtoexchangedatawithotherapplications.
Thethird-partyappsofiPhoneareusuallystoredin/private/var/mobile/Applications.
Everythird-partyapphastwodirectories:/Documentsand/Library,thefirstdirectorycontainssomedocumentinformation,theseconddirectorycontainspreferencesettingsandsomecachefiles[9].
Butdifferentthirdpartyapplicationhasdifferentstoragelocationandformat.
Analyzingdatabase/plistfile.
SQLitedatabaseisoneofthemostcommondatatypeforstorage,it'smainlyfoundinthemobileapplicationdevelopment.
ManyapplicationsintheiOSuseSQLitetostoredata.
Manyimportantdata(suchasContacts,ShortMessages,CallHistoryetc)arestoredintheformofSQLitedatabase,thesedataareencodedinUTF-8.
PropertyListfileismainlyusedtostoreserializedobjects.
Thefilenameextensionis.
plist,soit'susuallycalledplistfile.
Plistfileisusuallytostoreusersettingsandextrainformation.
Plistfileisconsistofthreeclasseswithhierarchicalstructure:CocoaFoundation、CoreFoundationandXML,allnodesaredisplayedinalist.
Correlationanalysis.
Althoughthesefilesincludemanyimportantinformation,suchastheuniqueIDofvisitingsocialnetworksite,specialdata,whereandwhentheeventistakingplace.
AnalyzingSinaMicroblogThispaperwilltakeSinaMicroblogiPhoneAppasanexampletodiscusshowtoanalyzeMicroblogusers'behaviorforforensicinvestigator.
Thisworkincludestwosteps:extractimportantbackupfiledatarelatedwithSinaMicroblogusers'behavior,andanalyzeSinaMicroblogdirectorystructure,importantdatabaseandplistfile.
Asthebackfilesareallencryptedfiles,wecanusesomeforensictoolstorestoretheseencryptedfiles,twotoolsusedinthispaperareiBackupBotforiTunes.
Fig1showsthedirectorystructurediagramofusingiPhoneDataRecoverytorestoreSinaMicroblog,SinaMicrobloghastwodirectories:/Documentsand/Library,thefirstdirectoryisusedtostoredocumentinformation,thesecondoneisusedtostorepreferencesettingsandcacheinformation.
Fig1.
DirectoryStructureofSinaMicroblogImportantinformationofSinaMicroblogiPhoneAppisstoredinaSQLitedatabasecalledDocuments/db_42500_1992761734.
dat,thelasttendigits(1992761734)istheuniqueidoftheuser.
Thenwecanknowthatthefilenameofthisdatabasefileinthebackupfilesis4ab36716f9ce19991ac7950591b2c06475e5d21ebycomputingthehashvalue(sha1)ofppDomain-com.
sina.
microblog-Documents/db_42500_1992761734.
dat.
Thenwecanfindseveraltablesinthisdatabasefile,thedetailinformationisshowninFig2.
Fig2.
SQLitefileIt'seasytoanalyzetherelationshipbetweenthedatacontentandcorrespondingMicrobloginformationbyviewingthestructureofeachtable.
Eachtableinthedatabase(db_42500_1992761734.
dat)hasdifferentfunctions,thedetailinformationisshownasfollowings:contact_group_count:Thistableisusedtorecordtheamountofusersineachgroupoffolloingotherusers.
contact_groups:Thistableisusedtorecordsomeinformationaboutbeingfollowedbyotherusers,includingtheGIDandnameofeachgroup.
contact_x_group:Thistableisusedtorecordtheuserslistofbeingfollowedbyothers,includinguserIDandthegroupIDofeachgroup.
contacts:Thistableisusedtorecordtheuserslistoffollowingothers,includingusernameanduserIDetc.
pm_conversations:Thistableisusedtorecordthelistofuser'sMicroblogprivatemessages,includingthenewestrecordofprivatemessagewitheachuser.
pm_messages:ThistableisusedtorecordtheMicroblogmessagelist.
microblogs:ThistableisusedtorecordMicrobloginformationbyuser'stimeline,includingthecontentofMicroblogmessage,theauthorofMicroblogmessage,userID,posttime,theamountofforwarding,thenameofMicroblogclient,geographicalpositioninformation,thelinkofpictureattachedtoMicroblogmessageandsoon.
Twokindsoftypicaluserbehaviors,"Follow"and"Befollowed",formthebasisofMicrobloguser'ssocialnetwork[10].
Wecanacquiretheuserslistoffollowingothersfromthecontactstable.
Thecontactstablecandirectlyreflecttheuser'sintereststowardsdifferentkindofinformation.
Ifwewanttoknowtheuser'ssocialnetworkinformation,weshouldviewtheuser'sfanslistfromcontact_x_grouptable.
User-postedMicroblogmessagesarerecordedinweibotablebytimeline.
Thelast50microblogrecordsarestoredinthemobileclient,theserecordsincludethemicroblogmessagespostedorbrowseredbytheuser.
TheinformationrecordedinthemicroblogtableisveryimportantforstudyingforensicinvestigationofMicrobloguser'sbehavior.
hedetailinformationofeachfieldandthecorrespondingmeaningisshowninTable2Table2theinformationofweibotableFieldStoredinformationStoreddatatypenickUsernicknameNSStringuidTheuniqueIDofuserNSNumeber(intValue)portraitImageInformationNSStringconcentThebodyofpostedMicroblogNSStringpicEmbeddedpictureintheMicroblogNSStringdatelineThedateofpostingMicroblogNSDatertrootuidTheuniqueIDofthepostedMicroblogNSNumeber(intValue)rtrootnickThenicknameofthepostedMicroblogNSStringrtreasonThecommentcontentofforwardedMicroblogNSStringsourceTheappofpostingMicroblogNSStringlongitudeLongitudeNSNumber(floatValue)latitudeLatitudeNSNumber(floatValue)url_structsThelinkinformationembeddedintheMicroblogNSDictionarypage_infoPageinformation(position,topicetc)NSDictionarytopic_structsTopicinformation(thelinkandtitleofthetopic)NSDictionarypic_id_infosThepictureembeddedinthepostedMicroblogNSDictionaryextra_propertiesExtrainformation(Ifthevalueofrelationis0,itindicatesthatthismessageispostedbytheuser;ifthevalueofrelationis1,itindicatesthatthismessageisthepublichomepage'smicroblogmessagewhichisbrowseredbytheuser.
)NSDictionaryTheforensicinvestigatorcanobtainmanyusefulinformationbyanalyzingtheimportantfieldsinweibotable,suchasuser-postedmicroblogmessages,thepublichomepage'smicroblogmessageswhicharebrowseredbytheuser,wheretheuserpostedthemicroblogmessage.
Inadditiontothis,theuser'strackduringaperiodoftimecanbeobtainedbyanalyzingtheinformationoflongitudeandlatitude,thentheforensicinvestigatorcananalyzeMicroblogusers'behaviorfromthepointoftimeandspacerelations.
Exceptforthis,wecandirectlyvisittheuser'sMicrobloghomepagebyenteringtheURL:http://microblog.
com/0000000000inthebrowser'saddressbartovalidatewhethertheIDnumberintheURLbelongstotheuser.
WecanacquireallkindsofdataofMicroblogbycallingAPIinterfaceprovidedbySina,includingpersonalprofileinformation,geographicalpositioninformation,dynamicinteractioninformation,user'sfansinformation.
SummaryAtpresent,theresearchofMicrobloguser'sbehaviorandacquiringMicroblogdataareconductedseparately,buttheyareinseparableforforensicworkers.
Onthisbasis,thispapertookSinaMicroblogiPhoneAppasanexampleandproposedanewmethod:firstlyextractdatafromMicroblogapp,thenmakeanalyzeuserbehaviorforthepurposeofforensicanalysis,thismethodcanbeappliedtootherMicroblogapp,too.
AcknowledgementsThisworkissupportedbyNationalSocialScienceFoundationProjectofP.
R.
China(No.
14BFX156),NaturalScienceFoundationProjectofCQCSTCofP.
R.
China(No.
cstc2011jjA40031).
References[1]Informationonhttp://www.
pocketgamer.
biz/metrics/app-store/[2]MutawaNA,BaggiliI,MarringtonA.
Forensicanalysisofsocialnetworkingapplicationsonmobiledevices[J].
DigitalInvestigation,2012,9(15):S24–S33.
[3]GaoF,ZhangY.
AnalysisofWeChatoniPhone[C]//2ndInternationalSymposiumonComputer,Communication,ControlandAutomation.
AtlantisPress,2013.
[4]DuJiang,WangCong.
iPhonethird-partysoftwareforensicsresearch[J].
ComputerCDSoftwareandApplications.
2013,(13):53-54.
[5]HUANGYan-wei,LIUJia-yong.
StudyonSinamicroblogDataAcquisitionTechnology[J].
InformationSecurityandCommunicationsPrivacy.
2013(06):71-73.
[6]ZhaoLing,ZhangJing.
Multi-dimensionalAnalysisofMicroblogUserBehaviorResearch[J].
InformationandDocumentationServices.
2013(05).
[7]ChenPeng,ShuiJinguang.
StatisticalAnalysisofMicroblogUserTypicalBehaviorbasedonIndividualProperty[J].
KnowledgeManagementForum.
2013(05).
[8]ChenCN,TsoR,YangCH.
DesignandImplementationofDigitalForensicSoftwareforiPhone[C]//InformationSecurity(AsiaJCIS),2013EighthAsiaJointConferenceon.
IEEE,2013:90-95.
[9]LevinsonA,StackpoleB,JohnsonD.
Thirdpartyapplicationforensicsonapplemobiledevices[C]//SystemSciences(HICSS),201144thHawaiiInternationalConferenceon.
IEEE,2011:1-9.
[10]XUXiao-dong,XIAOYin-tao,ZHUShi-rui.
SimulationInvestigationofRumorPropagationinMicrobloggingCommunity[J].
ComputerEngineering.
2011,37(10):272-274.
- Vista新浪博客搬家工具相关文档
- 民族新浪博客搬家工具
- 运动新浪博客搬家工具
- 新闻评论之名栏追踪
- "序号","网站名称"
- models新浪博客搬家工具
- 新闻标题:寻找搬家公司四大渠道
friendhosting:(优惠55%)大促销,全场VPS降价55%,9个机房,不限流量
每年的7月的最后一个周五是全球性质的“系统管理员日”,据说是为了感谢系统管理员的辛苦工作....friendhosting决定从现在开始一直到9月8日对其全球9个数据中心的VPS进行4.5折(优惠55%)大促销。所有VPS基于KVM虚拟,给100M带宽,不限制流量,允许自定义上传ISO...官方网站:https://friendhosting.net比特币、信用卡、PayPal、支付宝、微信、we...
数脉科技:香港服务器低至350元/月;阿里云CN2+BGP线路,带宽10M30M50M100M
数脉科技(shuhost)8月促销:香港独立服务器,自营BGP、CN2+BGP、阿里云线路,新客立减400港币/月,老用户按照优惠码减免!香港服务器带宽可选10Mbps、30Mbps、50Mbps、100Mbps带宽,支持中文本Windows、Linux等系统。数脉香港特价阿里云10MbpsCN2,e3-1230v2,16G内存,1T HDD 或 240G SSD,10Mbps带宽,IPv41个,...
spinservers:10Gbps带宽高配服务器月付89美元起,达拉斯/圣何塞机房
spinservers是一家主营国外服务器租用和Hybrid Dedicated等产品的商家,Majestic Hosting Solutions LLC旗下站点,商家数据中心包括美国达拉斯和圣何塞机房,机器一般10Gbps端口带宽,且硬件配置较高。目前,主机商针对达拉斯机房机器提供优惠码,最低款Dual E5-2630L v2+64G+1.6TB SSD月付89美元起,支持PayPal、支付宝等...
新浪博客搬家工具为你推荐
-
美团月付怎么关闭美团网付款后怎么取消订单申请退款骁龙765g和骁龙865哪个好骁龙865八核2.84H和骁龙855plus八核2.96GHZ那个好了?手机音乐播放器哪个好手机音乐播放器哪个好杰士邦和杜蕾斯哪个好安全套是杜蕾斯的好用还是杰士邦的好用?加速器哪个好主流加速器哪个好群空间登录手机能否登录群空间,如何登录空间登录qq如何在空间里登陆qq辽宁联通网上营业厅辽宁省昌图县联通网上营业厅通话单怎么查询dns服务器有什么用DNS服务器是干嘛的?网通dns服务器地址联通DNS地址怎样设置