Abstract:
With rapid technological advancement, the use of social media applications has increased, resulting in major security concerns. From leisure activities to business management, social media applications are frequently used, attracting the attention of criminals who use them to perform undesirable activities. During such activities, certain remnants often reside within the network. However, the increased security in application development and the HTTPS-based client-server architecture make network investigation complex. Extensive analysis of encrypted traffic sessions has the potential to identify and classify important artefacts related to users and their activities. This has attracted researchers' attention to the study of secure social media applications in the forensics and information security domains. In this thesis, we carry out a network forensic analysis of Twitter, a famous social media application which applies encryption to protect information over the network. The analysis is conducted by extracting hidden patterns of the application, information about the involved parties, and related activities. Focusing on byte-level analysis, we identify fixed patterns corresponding to user activities in client-server sessions. In forensic research, this analysis is termed behaviour analysis of secure applications. The objective of this research is to forensically profile the Twitter application through network traffic analysis. Our methodology is based on an understanding of traffic classification and behaviour analysis techniques, traffic interception, and the identification of fixed patterns to correctly identify user activities. Moreover, a firewall is used to explore the hidden design flexibilities and other connectivity options used by Twitter.
Our analysis shows that we can correctly identify the flow of Twitter traffic, user related information, and fixed patterns to classify the user activities on Twitter. Our methodology of Network Traffic Analysis of Twitter can be of great help during criminal investigations.