Vista新浪博客搬家工具
新浪博客搬家工具 时间:2021-01-26 阅读:()
ForensicAnalysistowardstheuserbehaviorofSinamicroblogLongChen1,a,Yong-QingWang2,b1,2Departmentofcomputer,ChongqingUniversityofPostsandTelecommunications,Chongqing,400065,China.
achenlong@cqupt.
edu.
cn,bwangyongqing123@163.
comKeywords:Microblog,userbehaviour,iOSdataacquisition.
Abstract.
Microblog,anewnetworkapplicationintheeraofWeb2.
0,hasbecomeoneofthemajormediuminChina.
Itsmainfeaturesareasfollowings:largenumberofusers,frequentstatusofupdatinginformation,fasttransmissionspeedofinformation.
ThewritertookSinaWeiboiPhoneAppasanexampletostudythebehaviorofindividualcharacteristicsofmicroblogusersbyanalyzingthedatafromsamplesgeneratedbyusingmicroblog.
IntroductionDuetothepopularityandprevalenceofsmartphones,thenumberofthird-partymobileapplicationsincreasesrapidly.
ThenumberofmobileapplicationsinApple'sofficialAppStorehasreached1.
49millionbyJanuary2015[1].
Manyapplicationsaremakingthefeature-richsmartphones.
Therearemanypotentialevidenceforforensicsworkers.
Foreignresearchinthefieldofthird-partyapplicationsfocusesonFacebook,TwitterandMySpace.
Themainstudyfocusesonanalyzinguser'ssocialnetworkingactivityandwhetherthedatastoredinthemainmemoryandthemobilephonecanberestored[2].
DomesticresearchinthisfieldfocusesonWechatandSinaMicroblog.
ForWechat,themainstudyfocusesonanalyzingthefiledirectorystructure[3]andgettingtheaudiofile[4].
ForSinaMicroblog,therearetwomethodsofextractingthedataofSinaMicroblog:acquiringinformationbasedonSinaMicro-BlogOpenPlatformandacquiringinformationbasedonnetworkdataflow[5].
ButwiththedevelopmentofmobileInternet,manySinaMicroblogusersbegintousemobileclientotherthanPCclient,andthereisnorelevantresearchondataextractionofSinaMicroblogApp.
ThewritertookSinaMicroblogiPhoneAppasanexampletoextractsomeimportantdataofSinaMicroblogiPhoneApp,thenanalyzedthedirectorystructureofmicroblogbackupfileandrelevantimportantdata.
ThemethodmentionedinthispapercanhelpforensicinvestigatoracquiresomeimportantdataofSinaMicroblogquicklyandanalyzetheuserbehavioreasily.
MicroblogUserBehaviorMicroblog,asakindofnewinformationcommunicationplatform,cansatisfyourdifferentrequirements,suchasinformationacquisition,informationcommunicationandinformationsharingetc[6].
OntheInternet,therearethreemaintypicalbehaviorsofMicroblogusers:followothers,befollowedbyothers,totweet.
Thefirstoneisakindofbehaviorthattheuseracquiressomeinformationbyfollowingotherusers.
Thesecondoneisakindofbehaviorthattheuseraffectsotherusersthroughbeingfollowedbyothers.
Thethirdoneisakindofbehaviorthattheuserwritestwitterandspreadsinformation.
ThegreaterthenumberofMicroblogbeingcreatedandreposted,thelargertheinformationbeingtransferredbytheuser[7].
DataAcquisitionTherearethreewaystoacquiredatafromiOSdevices:acquiredatafrombackupfile,acquiredatabylogicalmethodandacquiredatabyphysicalmethod.
ThispaperfocusesonhowtoacquiredatafromiOSdevicesbybackupfile.
iPhonebackupsdatabyusingiTunesaccordingtosomesynchronousprotocolsaboutMACOS,sowecanacquiredatafromthebackupdirectoriesstoredinthecomputer.
However,onlythefiledatasynchronizedexactlybysynchronousprotocolcanbeacquirebythismethod.
DifferentoperatingsystemhasdifferentstoragelocationwheniPhonebackupsdatabyusingiTunes,thedetailinformationisshownintable1.
Table1.
backupfile'sstoragelocationofusingiTunesOperationsystemlocationWindowsXPWindowsVista/Windows7MacOSXC:\documentsandsetting\\ApplicationData\AppleComputer\MobleSync\BackupC:\Users\\AppData\Roaming\AppleComputer\MobleSync\BackupUsers//Library/ApplicationSupport/MobileSync/Backup/Alargenumberofkeyinformationcanberecoveredbyusingthemethodmentionedabove.
Frequently-useddataisusuallystoredintheSQLitedatabaseandsomepropertylistfile,assynchronousprotocolcansupportsynchronousoperationoftheSQLdatabaseandsomepropertylistfile.
ForensicanalysisofiPhonethird-partyapplicationTheforensicanalysisofthedatageneratedbyiPhonethird-partyapplicationconsistsofthreeparts:analyzingfileanddirectorystructure,analyzingdatabase/plistfile,correlationanalysis.
IOSdevicecontainsalargenumberofvarioustypesofdata,includingsomedatarelatedwithmobilephoneandbuilt-inapplications,suchascalllog,contacts,shortmessages,photosandthecachefilesofSafaribrowseretc.
Inadditiontothis,iOSalsocontainsthedatageneratedbythethirdpartyapplicationswhicharefromAppStore.
IOSdevicehastwokindsofstorageformats:oneispropertylistfile(plist)inbinaryform,it'susedtostoresomesetupinformation;anotherisSQLitedatabase,it'susedtostorepersonalinformation[8].
Analyzingfileanddirectorystructure.
EveryiOSapplicationhasitsownsandbox,thesandboxisaspecialfilesystemdirectorywhichisseparatedfromotherfiledirectories.
Itcanpreventanyapplicationtoexchangedatawithotherapplications.
Thethird-partyappsofiPhoneareusuallystoredin/private/var/mobile/Applications.
Everythird-partyapphastwodirectories:/Documentsand/Library,thefirstdirectorycontainssomedocumentinformation,theseconddirectorycontainspreferencesettingsandsomecachefiles[9].
Butdifferentthirdpartyapplicationhasdifferentstoragelocationandformat.
Analyzingdatabase/plistfile.
SQLitedatabaseisoneofthemostcommondatatypeforstorage,it'smainlyfoundinthemobileapplicationdevelopment.
ManyapplicationsintheiOSuseSQLitetostoredata.
Manyimportantdata(suchasContacts,ShortMessages,CallHistoryetc)arestoredintheformofSQLitedatabase,thesedataareencodedinUTF-8.
PropertyListfileismainlyusedtostoreserializedobjects.
Thefilenameextensionis.
plist,soit'susuallycalledplistfile.
Plistfileisusuallytostoreusersettingsandextrainformation.
Plistfileisconsistofthreeclasseswithhierarchicalstructure:CocoaFoundation、CoreFoundationandXML,allnodesaredisplayedinalist.
Correlationanalysis.
Althoughthesefilesincludemanyimportantinformation,suchastheuniqueIDofvisitingsocialnetworksite,specialdata,whereandwhentheeventistakingplace.
AnalyzingSinaMicroblogThispaperwilltakeSinaMicroblogiPhoneAppasanexampletodiscusshowtoanalyzeMicroblogusers'behaviorforforensicinvestigator.
Thisworkincludestwosteps:extractimportantbackupfiledatarelatedwithSinaMicroblogusers'behavior,andanalyzeSinaMicroblogdirectorystructure,importantdatabaseandplistfile.
Asthebackfilesareallencryptedfiles,wecanusesomeforensictoolstorestoretheseencryptedfiles,twotoolsusedinthispaperareiBackupBotforiTunes.
Fig1showsthedirectorystructurediagramofusingiPhoneDataRecoverytorestoreSinaMicroblog,SinaMicrobloghastwodirectories:/Documentsand/Library,thefirstdirectoryisusedtostoredocumentinformation,thesecondoneisusedtostorepreferencesettingsandcacheinformation.
Fig1.
DirectoryStructureofSinaMicroblogImportantinformationofSinaMicroblogiPhoneAppisstoredinaSQLitedatabasecalledDocuments/db_42500_1992761734.
dat,thelasttendigits(1992761734)istheuniqueidoftheuser.
Thenwecanknowthatthefilenameofthisdatabasefileinthebackupfilesis4ab36716f9ce19991ac7950591b2c06475e5d21ebycomputingthehashvalue(sha1)ofppDomain-com.
sina.
microblog-Documents/db_42500_1992761734.
dat.
Thenwecanfindseveraltablesinthisdatabasefile,thedetailinformationisshowninFig2.
Fig2.
SQLitefileIt'seasytoanalyzetherelationshipbetweenthedatacontentandcorrespondingMicrobloginformationbyviewingthestructureofeachtable.
Eachtableinthedatabase(db_42500_1992761734.
dat)hasdifferentfunctions,thedetailinformationisshownasfollowings:contact_group_count:Thistableisusedtorecordtheamountofusersineachgroupoffolloingotherusers.
contact_groups:Thistableisusedtorecordsomeinformationaboutbeingfollowedbyotherusers,includingtheGIDandnameofeachgroup.
contact_x_group:Thistableisusedtorecordtheuserslistofbeingfollowedbyothers,includinguserIDandthegroupIDofeachgroup.
contacts:Thistableisusedtorecordtheuserslistoffollowingothers,includingusernameanduserIDetc.
pm_conversations:Thistableisusedtorecordthelistofuser'sMicroblogprivatemessages,includingthenewestrecordofprivatemessagewitheachuser.
pm_messages:ThistableisusedtorecordtheMicroblogmessagelist.
microblogs:ThistableisusedtorecordMicrobloginformationbyuser'stimeline,includingthecontentofMicroblogmessage,theauthorofMicroblogmessage,userID,posttime,theamountofforwarding,thenameofMicroblogclient,geographicalpositioninformation,thelinkofpictureattachedtoMicroblogmessageandsoon.
Twokindsoftypicaluserbehaviors,"Follow"and"Befollowed",formthebasisofMicrobloguser'ssocialnetwork[10].
Wecanacquiretheuserslistoffollowingothersfromthecontactstable.
Thecontactstablecandirectlyreflecttheuser'sintereststowardsdifferentkindofinformation.
Ifwewanttoknowtheuser'ssocialnetworkinformation,weshouldviewtheuser'sfanslistfromcontact_x_grouptable.
User-postedMicroblogmessagesarerecordedinweibotablebytimeline.
Thelast50microblogrecordsarestoredinthemobileclient,theserecordsincludethemicroblogmessagespostedorbrowseredbytheuser.
TheinformationrecordedinthemicroblogtableisveryimportantforstudyingforensicinvestigationofMicrobloguser'sbehavior.
hedetailinformationofeachfieldandthecorrespondingmeaningisshowninTable2Table2theinformationofweibotableFieldStoredinformationStoreddatatypenickUsernicknameNSStringuidTheuniqueIDofuserNSNumeber(intValue)portraitImageInformationNSStringconcentThebodyofpostedMicroblogNSStringpicEmbeddedpictureintheMicroblogNSStringdatelineThedateofpostingMicroblogNSDatertrootuidTheuniqueIDofthepostedMicroblogNSNumeber(intValue)rtrootnickThenicknameofthepostedMicroblogNSStringrtreasonThecommentcontentofforwardedMicroblogNSStringsourceTheappofpostingMicroblogNSStringlongitudeLongitudeNSNumber(floatValue)latitudeLatitudeNSNumber(floatValue)url_structsThelinkinformationembeddedintheMicroblogNSDictionarypage_infoPageinformation(position,topicetc)NSDictionarytopic_structsTopicinformation(thelinkandtitleofthetopic)NSDictionarypic_id_infosThepictureembeddedinthepostedMicroblogNSDictionaryextra_propertiesExtrainformation(Ifthevalueofrelationis0,itindicatesthatthismessageispostedbytheuser;ifthevalueofrelationis1,itindicatesthatthismessageisthepublichomepage'smicroblogmessagewhichisbrowseredbytheuser.
)NSDictionaryTheforensicinvestigatorcanobtainmanyusefulinformationbyanalyzingtheimportantfieldsinweibotable,suchasuser-postedmicroblogmessages,thepublichomepage'smicroblogmessageswhicharebrowseredbytheuser,wheretheuserpostedthemicroblogmessage.
Inadditiontothis,theuser'strackduringaperiodoftimecanbeobtainedbyanalyzingtheinformationoflongitudeandlatitude,thentheforensicinvestigatorcananalyzeMicroblogusers'behaviorfromthepointoftimeandspacerelations.
Exceptforthis,wecandirectlyvisittheuser'sMicrobloghomepagebyenteringtheURL:http://microblog.
com/0000000000inthebrowser'saddressbartovalidatewhethertheIDnumberintheURLbelongstotheuser.
WecanacquireallkindsofdataofMicroblogbycallingAPIinterfaceprovidedbySina,includingpersonalprofileinformation,geographicalpositioninformation,dynamicinteractioninformation,user'sfansinformation.
SummaryAtpresent,theresearchofMicrobloguser'sbehaviorandacquiringMicroblogdataareconductedseparately,buttheyareinseparableforforensicworkers.
Onthisbasis,thispapertookSinaMicroblogiPhoneAppasanexampleandproposedanewmethod:firstlyextractdatafromMicroblogapp,thenmakeanalyzeuserbehaviorforthepurposeofforensicanalysis,thismethodcanbeappliedtootherMicroblogapp,too.
AcknowledgementsThisworkissupportedbyNationalSocialScienceFoundationProjectofP.
R.
China(No.
14BFX156),NaturalScienceFoundationProjectofCQCSTCofP.
R.
China(No.
cstc2011jjA40031).
References[1]Informationonhttp://www.
pocketgamer.
biz/metrics/app-store/[2]MutawaNA,BaggiliI,MarringtonA.
Forensicanalysisofsocialnetworkingapplicationsonmobiledevices[J].
DigitalInvestigation,2012,9(15):S24–S33.
[3]GaoF,ZhangY.
AnalysisofWeChatoniPhone[C]//2ndInternationalSymposiumonComputer,Communication,ControlandAutomation.
AtlantisPress,2013.
[4]DuJiang,WangCong.
iPhonethird-partysoftwareforensicsresearch[J].
ComputerCDSoftwareandApplications.
2013,(13):53-54.
[5]HUANGYan-wei,LIUJia-yong.
StudyonSinamicroblogDataAcquisitionTechnology[J].
InformationSecurityandCommunicationsPrivacy.
2013(06):71-73.
[6]ZhaoLing,ZhangJing.
Multi-dimensionalAnalysisofMicroblogUserBehaviorResearch[J].
InformationandDocumentationServices.
2013(05).
[7]ChenPeng,ShuiJinguang.
StatisticalAnalysisofMicroblogUserTypicalBehaviorbasedonIndividualProperty[J].
KnowledgeManagementForum.
2013(05).
[8]ChenCN,TsoR,YangCH.
DesignandImplementationofDigitalForensicSoftwareforiPhone[C]//InformationSecurity(AsiaJCIS),2013EighthAsiaJointConferenceon.
IEEE,2013:90-95.
[9]LevinsonA,StackpoleB,JohnsonD.
Thirdpartyapplicationforensicsonapplemobiledevices[C]//SystemSciences(HICSS),201144thHawaiiInternationalConferenceon.
IEEE,2011:1-9.
[10]XUXiao-dong,XIAOYin-tao,ZHUShi-rui.
SimulationInvestigationofRumorPropagationinMicrobloggingCommunity[J].
ComputerEngineering.
2011,37(10):272-274.
achenlong@cqupt.
edu.
cn,bwangyongqing123@163.
comKeywords:Microblog,userbehaviour,iOSdataacquisition.
Abstract.
Microblog,anewnetworkapplicationintheeraofWeb2.
0,hasbecomeoneofthemajormediuminChina.
Itsmainfeaturesareasfollowings:largenumberofusers,frequentstatusofupdatinginformation,fasttransmissionspeedofinformation.
ThewritertookSinaWeiboiPhoneAppasanexampletostudythebehaviorofindividualcharacteristicsofmicroblogusersbyanalyzingthedatafromsamplesgeneratedbyusingmicroblog.
IntroductionDuetothepopularityandprevalenceofsmartphones,thenumberofthird-partymobileapplicationsincreasesrapidly.
ThenumberofmobileapplicationsinApple'sofficialAppStorehasreached1.
49millionbyJanuary2015[1].
Manyapplicationsaremakingthefeature-richsmartphones.
Therearemanypotentialevidenceforforensicsworkers.
Foreignresearchinthefieldofthird-partyapplicationsfocusesonFacebook,TwitterandMySpace.
Themainstudyfocusesonanalyzinguser'ssocialnetworkingactivityandwhetherthedatastoredinthemainmemoryandthemobilephonecanberestored[2].
DomesticresearchinthisfieldfocusesonWechatandSinaMicroblog.
ForWechat,themainstudyfocusesonanalyzingthefiledirectorystructure[3]andgettingtheaudiofile[4].
ForSinaMicroblog,therearetwomethodsofextractingthedataofSinaMicroblog:acquiringinformationbasedonSinaMicro-BlogOpenPlatformandacquiringinformationbasedonnetworkdataflow[5].
ButwiththedevelopmentofmobileInternet,manySinaMicroblogusersbegintousemobileclientotherthanPCclient,andthereisnorelevantresearchondataextractionofSinaMicroblogApp.
ThewritertookSinaMicroblogiPhoneAppasanexampletoextractsomeimportantdataofSinaMicroblogiPhoneApp,thenanalyzedthedirectorystructureofmicroblogbackupfileandrelevantimportantdata.
ThemethodmentionedinthispapercanhelpforensicinvestigatoracquiresomeimportantdataofSinaMicroblogquicklyandanalyzetheuserbehavioreasily.
MicroblogUserBehaviorMicroblog,asakindofnewinformationcommunicationplatform,cansatisfyourdifferentrequirements,suchasinformationacquisition,informationcommunicationandinformationsharingetc[6].
OntheInternet,therearethreemaintypicalbehaviorsofMicroblogusers:followothers,befollowedbyothers,totweet.
Thefirstoneisakindofbehaviorthattheuseracquiressomeinformationbyfollowingotherusers.
Thesecondoneisakindofbehaviorthattheuseraffectsotherusersthroughbeingfollowedbyothers.
Thethirdoneisakindofbehaviorthattheuserwritestwitterandspreadsinformation.
ThegreaterthenumberofMicroblogbeingcreatedandreposted,thelargertheinformationbeingtransferredbytheuser[7].
DataAcquisitionTherearethreewaystoacquiredatafromiOSdevices:acquiredatafrombackupfile,acquiredatabylogicalmethodandacquiredatabyphysicalmethod.
ThispaperfocusesonhowtoacquiredatafromiOSdevicesbybackupfile.
iPhonebackupsdatabyusingiTunesaccordingtosomesynchronousprotocolsaboutMACOS,sowecanacquiredatafromthebackupdirectoriesstoredinthecomputer.
However,onlythefiledatasynchronizedexactlybysynchronousprotocolcanbeacquirebythismethod.
DifferentoperatingsystemhasdifferentstoragelocationwheniPhonebackupsdatabyusingiTunes,thedetailinformationisshownintable1.
Table1.
backupfile'sstoragelocationofusingiTunesOperationsystemlocationWindowsXPWindowsVista/Windows7MacOSXC:\documentsandsetting\\ApplicationData\AppleComputer\MobleSync\BackupC:\Users\\AppData\Roaming\AppleComputer\MobleSync\BackupUsers//Library/ApplicationSupport/MobileSync/Backup/Alargenumberofkeyinformationcanberecoveredbyusingthemethodmentionedabove.
Frequently-useddataisusuallystoredintheSQLitedatabaseandsomepropertylistfile,assynchronousprotocolcansupportsynchronousoperationoftheSQLdatabaseandsomepropertylistfile.
ForensicanalysisofiPhonethird-partyapplicationTheforensicanalysisofthedatageneratedbyiPhonethird-partyapplicationconsistsofthreeparts:analyzingfileanddirectorystructure,analyzingdatabase/plistfile,correlationanalysis.
IOSdevicecontainsalargenumberofvarioustypesofdata,includingsomedatarelatedwithmobilephoneandbuilt-inapplications,suchascalllog,contacts,shortmessages,photosandthecachefilesofSafaribrowseretc.
Inadditiontothis,iOSalsocontainsthedatageneratedbythethirdpartyapplicationswhicharefromAppStore.
IOSdevicehastwokindsofstorageformats:oneispropertylistfile(plist)inbinaryform,it'susedtostoresomesetupinformation;anotherisSQLitedatabase,it'susedtostorepersonalinformation[8].
Analyzingfileanddirectorystructure.
EveryiOSapplicationhasitsownsandbox,thesandboxisaspecialfilesystemdirectorywhichisseparatedfromotherfiledirectories.
Itcanpreventanyapplicationtoexchangedatawithotherapplications.
Thethird-partyappsofiPhoneareusuallystoredin/private/var/mobile/Applications.
Everythird-partyapphastwodirectories:/Documentsand/Library,thefirstdirectorycontainssomedocumentinformation,theseconddirectorycontainspreferencesettingsandsomecachefiles[9].
Butdifferentthirdpartyapplicationhasdifferentstoragelocationandformat.
Analyzingdatabase/plistfile.
SQLitedatabaseisoneofthemostcommondatatypeforstorage,it'smainlyfoundinthemobileapplicationdevelopment.
ManyapplicationsintheiOSuseSQLitetostoredata.
Manyimportantdata(suchasContacts,ShortMessages,CallHistoryetc)arestoredintheformofSQLitedatabase,thesedataareencodedinUTF-8.
PropertyListfileismainlyusedtostoreserializedobjects.
Thefilenameextensionis.
plist,soit'susuallycalledplistfile.
Plistfileisusuallytostoreusersettingsandextrainformation.
Plistfileisconsistofthreeclasseswithhierarchicalstructure:CocoaFoundation、CoreFoundationandXML,allnodesaredisplayedinalist.
Correlationanalysis.
Althoughthesefilesincludemanyimportantinformation,suchastheuniqueIDofvisitingsocialnetworksite,specialdata,whereandwhentheeventistakingplace.
AnalyzingSinaMicroblogThispaperwilltakeSinaMicroblogiPhoneAppasanexampletodiscusshowtoanalyzeMicroblogusers'behaviorforforensicinvestigator.
Thisworkincludestwosteps:extractimportantbackupfiledatarelatedwithSinaMicroblogusers'behavior,andanalyzeSinaMicroblogdirectorystructure,importantdatabaseandplistfile.
Asthebackfilesareallencryptedfiles,wecanusesomeforensictoolstorestoretheseencryptedfiles,twotoolsusedinthispaperareiBackupBotforiTunes.
Fig1showsthedirectorystructurediagramofusingiPhoneDataRecoverytorestoreSinaMicroblog,SinaMicrobloghastwodirectories:/Documentsand/Library,thefirstdirectoryisusedtostoredocumentinformation,thesecondoneisusedtostorepreferencesettingsandcacheinformation.
Fig1.
DirectoryStructureofSinaMicroblogImportantinformationofSinaMicroblogiPhoneAppisstoredinaSQLitedatabasecalledDocuments/db_42500_1992761734.
dat,thelasttendigits(1992761734)istheuniqueidoftheuser.
Thenwecanknowthatthefilenameofthisdatabasefileinthebackupfilesis4ab36716f9ce19991ac7950591b2c06475e5d21ebycomputingthehashvalue(sha1)ofppDomain-com.
sina.
microblog-Documents/db_42500_1992761734.
dat.
Thenwecanfindseveraltablesinthisdatabasefile,thedetailinformationisshowninFig2.
Fig2.
SQLitefileIt'seasytoanalyzetherelationshipbetweenthedatacontentandcorrespondingMicrobloginformationbyviewingthestructureofeachtable.
Eachtableinthedatabase(db_42500_1992761734.
dat)hasdifferentfunctions,thedetailinformationisshownasfollowings:contact_group_count:Thistableisusedtorecordtheamountofusersineachgroupoffolloingotherusers.
contact_groups:Thistableisusedtorecordsomeinformationaboutbeingfollowedbyotherusers,includingtheGIDandnameofeachgroup.
contact_x_group:Thistableisusedtorecordtheuserslistofbeingfollowedbyothers,includinguserIDandthegroupIDofeachgroup.
contacts:Thistableisusedtorecordtheuserslistoffollowingothers,includingusernameanduserIDetc.
pm_conversations:Thistableisusedtorecordthelistofuser'sMicroblogprivatemessages,includingthenewestrecordofprivatemessagewitheachuser.
pm_messages:ThistableisusedtorecordtheMicroblogmessagelist.
microblogs:ThistableisusedtorecordMicrobloginformationbyuser'stimeline,includingthecontentofMicroblogmessage,theauthorofMicroblogmessage,userID,posttime,theamountofforwarding,thenameofMicroblogclient,geographicalpositioninformation,thelinkofpictureattachedtoMicroblogmessageandsoon.
Twokindsoftypicaluserbehaviors,"Follow"and"Befollowed",formthebasisofMicrobloguser'ssocialnetwork[10].
Wecanacquiretheuserslistoffollowingothersfromthecontactstable.
Thecontactstablecandirectlyreflecttheuser'sintereststowardsdifferentkindofinformation.
Ifwewanttoknowtheuser'ssocialnetworkinformation,weshouldviewtheuser'sfanslistfromcontact_x_grouptable.
User-postedMicroblogmessagesarerecordedinweibotablebytimeline.
Thelast50microblogrecordsarestoredinthemobileclient,theserecordsincludethemicroblogmessagespostedorbrowseredbytheuser.
TheinformationrecordedinthemicroblogtableisveryimportantforstudyingforensicinvestigationofMicrobloguser'sbehavior.
hedetailinformationofeachfieldandthecorrespondingmeaningisshowninTable2Table2theinformationofweibotableFieldStoredinformationStoreddatatypenickUsernicknameNSStringuidTheuniqueIDofuserNSNumeber(intValue)portraitImageInformationNSStringconcentThebodyofpostedMicroblogNSStringpicEmbeddedpictureintheMicroblogNSStringdatelineThedateofpostingMicroblogNSDatertrootuidTheuniqueIDofthepostedMicroblogNSNumeber(intValue)rtrootnickThenicknameofthepostedMicroblogNSStringrtreasonThecommentcontentofforwardedMicroblogNSStringsourceTheappofpostingMicroblogNSStringlongitudeLongitudeNSNumber(floatValue)latitudeLatitudeNSNumber(floatValue)url_structsThelinkinformationembeddedintheMicroblogNSDictionarypage_infoPageinformation(position,topicetc)NSDictionarytopic_structsTopicinformation(thelinkandtitleofthetopic)NSDictionarypic_id_infosThepictureembeddedinthepostedMicroblogNSDictionaryextra_propertiesExtrainformation(Ifthevalueofrelationis0,itindicatesthatthismessageispostedbytheuser;ifthevalueofrelationis1,itindicatesthatthismessageisthepublichomepage'smicroblogmessagewhichisbrowseredbytheuser.
)NSDictionaryTheforensicinvestigatorcanobtainmanyusefulinformationbyanalyzingtheimportantfieldsinweibotable,suchasuser-postedmicroblogmessages,thepublichomepage'smicroblogmessageswhicharebrowseredbytheuser,wheretheuserpostedthemicroblogmessage.
Inadditiontothis,theuser'strackduringaperiodoftimecanbeobtainedbyanalyzingtheinformationoflongitudeandlatitude,thentheforensicinvestigatorcananalyzeMicroblogusers'behaviorfromthepointoftimeandspacerelations.
Exceptforthis,wecandirectlyvisittheuser'sMicrobloghomepagebyenteringtheURL:http://microblog.
com/0000000000inthebrowser'saddressbartovalidatewhethertheIDnumberintheURLbelongstotheuser.
WecanacquireallkindsofdataofMicroblogbycallingAPIinterfaceprovidedbySina,includingpersonalprofileinformation,geographicalpositioninformation,dynamicinteractioninformation,user'sfansinformation.
SummaryAtpresent,theresearchofMicrobloguser'sbehaviorandacquiringMicroblogdataareconductedseparately,buttheyareinseparableforforensicworkers.
Onthisbasis,thispapertookSinaMicroblogiPhoneAppasanexampleandproposedanewmethod:firstlyextractdatafromMicroblogapp,thenmakeanalyzeuserbehaviorforthepurposeofforensicanalysis,thismethodcanbeappliedtootherMicroblogapp,too.
AcknowledgementsThisworkissupportedbyNationalSocialScienceFoundationProjectofP.
R.
China(No.
14BFX156),NaturalScienceFoundationProjectofCQCSTCofP.
R.
China(No.
cstc2011jjA40031).
References[1]Informationonhttp://www.
pocketgamer.
biz/metrics/app-store/[2]MutawaNA,BaggiliI,MarringtonA.
Forensicanalysisofsocialnetworkingapplicationsonmobiledevices[J].
DigitalInvestigation,2012,9(15):S24–S33.
[3]GaoF,ZhangY.
AnalysisofWeChatoniPhone[C]//2ndInternationalSymposiumonComputer,Communication,ControlandAutomation.
AtlantisPress,2013.
[4]DuJiang,WangCong.
iPhonethird-partysoftwareforensicsresearch[J].
ComputerCDSoftwareandApplications.
2013,(13):53-54.
[5]HUANGYan-wei,LIUJia-yong.
StudyonSinamicroblogDataAcquisitionTechnology[J].
InformationSecurityandCommunicationsPrivacy.
2013(06):71-73.
[6]ZhaoLing,ZhangJing.
Multi-dimensionalAnalysisofMicroblogUserBehaviorResearch[J].
InformationandDocumentationServices.
2013(05).
[7]ChenPeng,ShuiJinguang.
StatisticalAnalysisofMicroblogUserTypicalBehaviorbasedonIndividualProperty[J].
KnowledgeManagementForum.
2013(05).
[8]ChenCN,TsoR,YangCH.
DesignandImplementationofDigitalForensicSoftwareforiPhone[C]//InformationSecurity(AsiaJCIS),2013EighthAsiaJointConferenceon.
IEEE,2013:90-95.
[9]LevinsonA,StackpoleB,JohnsonD.
Thirdpartyapplicationforensicsonapplemobiledevices[C]//SystemSciences(HICSS),201144thHawaiiInternationalConferenceon.
IEEE,2011:1-9.
[10]XUXiao-dong,XIAOYin-tao,ZHUShi-rui.
SimulationInvestigationofRumorPropagationinMicrobloggingCommunity[J].
ComputerEngineering.
2011,37(10):272-274.
- Vista新浪博客搬家工具相关文档
- 民族新浪博客搬家工具
- 运动新浪博客搬家工具
- 新闻评论之名栏追踪
- "序号","网站名称"
- models新浪博客搬家工具
- 新闻标题:寻找搬家公司四大渠道
Spinservers:美国圣何塞机房少量补货/双E5/64GB DDR4/2TB SSD/10Gbps端口月流量10TB/$111/月
Chia矿机,Spinservers怎么样?Spinservers好不好,Spinservers大硬盘服务器。Spinservers刚刚在美国圣何塞机房补货120台独立服务器,CPU都是双E5系列,64-512GB DDR4内存,超大SSD或NVMe存储,数量有限,机器都是预部署好的,下单即可上架,无需人工干预,有需要的朋友抓紧下单哦。Spinservers是Majestic Hosting So...
MOACK:韩国服务器/双E5-2450L/8GB内存/1T硬盘/10M不限流量,$59.00/月
Moack怎么样?Moack(蘑菇主机)是一家成立于2016年的商家,据说是国人和韩国合资开办的主机商家,目前主要销售独立服务器,机房位于韩国MOACK机房,网络接入了kt/lg/kinx三条线路,目前到中国大陆的速度非常好,国内Ping值平均在45MS左右,而且商家的套餐比较便宜,针对国人有很多活动。不过目前如果购买机器如需现场处理,由于COVID-19越来越严重,MOACK办公楼里的人也被感染...
RangCloud19.8元/月,香港cn2云主机,美国西雅图高防云主机28元/月起
rangcloud怎么样?rangcloud是去年年初开办的国人商家,RangCloud是一家以销售NAT起步,后续逐渐开始拓展到VPS及云主机业务,目前有中国香港、美国西雅图、韩国NAT、广州移动、江门移动、镇江BGP、山东联通、山东BGP等机房。目前,RangCloud提供香港CN2线路云服务器,电信走CN2、联通移动直连,云主机采用PCle固态硬盘,19.8元/月起,支持建站使用;美国高防云...
新浪博客搬家工具为你推荐
-
316不锈钢和304哪个好304和316不锈钢区别哪个好视频制作软件哪个好哪款视频编辑软件比较好用?燃气热水器和电热水器哪个好电热水器和燃气热水器哪一个更安全,且更节省能源?手机浏览器哪个好目前手机浏览器哪个最好帕萨特和迈腾哪个好迈腾和帕萨特对比,哪个更好?朱祁钰和朱祁镇哪个好大家怎么看明英宗和明代宗核芯显卡与独立显卡哪个好核芯显卡与独立显卡哪个好电陶炉和电磁炉哪个好电陶炉和电磁炉哪个好51空间登录以前的51空间怎么进?qq空间登录电脑手机上怎么登陆电脑版QQ空间