Vista新浪博客搬家工具
新浪博客搬家工具 时间:2021-01-26 阅读:()
ForensicAnalysistowardstheuserbehaviorofSinamicroblogLongChen1,a,Yong-QingWang2,b1,2Departmentofcomputer,ChongqingUniversityofPostsandTelecommunications,Chongqing,400065,China.
achenlong@cqupt.
edu.
cn,bwangyongqing123@163.
comKeywords:Microblog,userbehaviour,iOSdataacquisition.
Abstract.
Microblog,anewnetworkapplicationintheeraofWeb2.
0,hasbecomeoneofthemajormediuminChina.
Itsmainfeaturesareasfollowings:largenumberofusers,frequentstatusofupdatinginformation,fasttransmissionspeedofinformation.
ThewritertookSinaWeiboiPhoneAppasanexampletostudythebehaviorofindividualcharacteristicsofmicroblogusersbyanalyzingthedatafromsamplesgeneratedbyusingmicroblog.
IntroductionDuetothepopularityandprevalenceofsmartphones,thenumberofthird-partymobileapplicationsincreasesrapidly.
ThenumberofmobileapplicationsinApple'sofficialAppStorehasreached1.
49millionbyJanuary2015[1].
Manyapplicationsaremakingthefeature-richsmartphones.
Therearemanypotentialevidenceforforensicsworkers.
Foreignresearchinthefieldofthird-partyapplicationsfocusesonFacebook,TwitterandMySpace.
Themainstudyfocusesonanalyzinguser'ssocialnetworkingactivityandwhetherthedatastoredinthemainmemoryandthemobilephonecanberestored[2].
DomesticresearchinthisfieldfocusesonWechatandSinaMicroblog.
ForWechat,themainstudyfocusesonanalyzingthefiledirectorystructure[3]andgettingtheaudiofile[4].
ForSinaMicroblog,therearetwomethodsofextractingthedataofSinaMicroblog:acquiringinformationbasedonSinaMicro-BlogOpenPlatformandacquiringinformationbasedonnetworkdataflow[5].
ButwiththedevelopmentofmobileInternet,manySinaMicroblogusersbegintousemobileclientotherthanPCclient,andthereisnorelevantresearchondataextractionofSinaMicroblogApp.
ThewritertookSinaMicroblogiPhoneAppasanexampletoextractsomeimportantdataofSinaMicroblogiPhoneApp,thenanalyzedthedirectorystructureofmicroblogbackupfileandrelevantimportantdata.
ThemethodmentionedinthispapercanhelpforensicinvestigatoracquiresomeimportantdataofSinaMicroblogquicklyandanalyzetheuserbehavioreasily.
MicroblogUserBehaviorMicroblog,asakindofnewinformationcommunicationplatform,cansatisfyourdifferentrequirements,suchasinformationacquisition,informationcommunicationandinformationsharingetc[6].
OntheInternet,therearethreemaintypicalbehaviorsofMicroblogusers:followothers,befollowedbyothers,totweet.
Thefirstoneisakindofbehaviorthattheuseracquiressomeinformationbyfollowingotherusers.
Thesecondoneisakindofbehaviorthattheuseraffectsotherusersthroughbeingfollowedbyothers.
Thethirdoneisakindofbehaviorthattheuserwritestwitterandspreadsinformation.
ThegreaterthenumberofMicroblogbeingcreatedandreposted,thelargertheinformationbeingtransferredbytheuser[7].
DataAcquisitionTherearethreewaystoacquiredatafromiOSdevices:acquiredatafrombackupfile,acquiredatabylogicalmethodandacquiredatabyphysicalmethod.
ThispaperfocusesonhowtoacquiredatafromiOSdevicesbybackupfile.
iPhonebackupsdatabyusingiTunesaccordingtosomesynchronousprotocolsaboutMACOS,sowecanacquiredatafromthebackupdirectoriesstoredinthecomputer.
However,onlythefiledatasynchronizedexactlybysynchronousprotocolcanbeacquirebythismethod.
DifferentoperatingsystemhasdifferentstoragelocationwheniPhonebackupsdatabyusingiTunes,thedetailinformationisshownintable1.
Table1.
backupfile'sstoragelocationofusingiTunesOperationsystemlocationWindowsXPWindowsVista/Windows7MacOSXC:\documentsandsetting\\ApplicationData\AppleComputer\MobleSync\BackupC:\Users\\AppData\Roaming\AppleComputer\MobleSync\BackupUsers//Library/ApplicationSupport/MobileSync/Backup/Alargenumberofkeyinformationcanberecoveredbyusingthemethodmentionedabove.
Frequently-useddataisusuallystoredintheSQLitedatabaseandsomepropertylistfile,assynchronousprotocolcansupportsynchronousoperationoftheSQLdatabaseandsomepropertylistfile.
ForensicanalysisofiPhonethird-partyapplicationTheforensicanalysisofthedatageneratedbyiPhonethird-partyapplicationconsistsofthreeparts:analyzingfileanddirectorystructure,analyzingdatabase/plistfile,correlationanalysis.
IOSdevicecontainsalargenumberofvarioustypesofdata,includingsomedatarelatedwithmobilephoneandbuilt-inapplications,suchascalllog,contacts,shortmessages,photosandthecachefilesofSafaribrowseretc.
Inadditiontothis,iOSalsocontainsthedatageneratedbythethirdpartyapplicationswhicharefromAppStore.
IOSdevicehastwokindsofstorageformats:oneispropertylistfile(plist)inbinaryform,it'susedtostoresomesetupinformation;anotherisSQLitedatabase,it'susedtostorepersonalinformation[8].
Analyzingfileanddirectorystructure.
EveryiOSapplicationhasitsownsandbox,thesandboxisaspecialfilesystemdirectorywhichisseparatedfromotherfiledirectories.
Itcanpreventanyapplicationtoexchangedatawithotherapplications.
Thethird-partyappsofiPhoneareusuallystoredin/private/var/mobile/Applications.
Everythird-partyapphastwodirectories:/Documentsand/Library,thefirstdirectorycontainssomedocumentinformation,theseconddirectorycontainspreferencesettingsandsomecachefiles[9].
Butdifferentthirdpartyapplicationhasdifferentstoragelocationandformat.
Analyzingdatabase/plistfile.
SQLitedatabaseisoneofthemostcommondatatypeforstorage,it'smainlyfoundinthemobileapplicationdevelopment.
ManyapplicationsintheiOSuseSQLitetostoredata.
Manyimportantdata(suchasContacts,ShortMessages,CallHistoryetc)arestoredintheformofSQLitedatabase,thesedataareencodedinUTF-8.
PropertyListfileismainlyusedtostoreserializedobjects.
Thefilenameextensionis.
plist,soit'susuallycalledplistfile.
Plistfileisusuallytostoreusersettingsandextrainformation.
Plistfileisconsistofthreeclasseswithhierarchicalstructure:CocoaFoundation、CoreFoundationandXML,allnodesaredisplayedinalist.
Correlationanalysis.
Althoughthesefilesincludemanyimportantinformation,suchastheuniqueIDofvisitingsocialnetworksite,specialdata,whereandwhentheeventistakingplace.
AnalyzingSinaMicroblogThispaperwilltakeSinaMicroblogiPhoneAppasanexampletodiscusshowtoanalyzeMicroblogusers'behaviorforforensicinvestigator.
Thisworkincludestwosteps:extractimportantbackupfiledatarelatedwithSinaMicroblogusers'behavior,andanalyzeSinaMicroblogdirectorystructure,importantdatabaseandplistfile.
Asthebackfilesareallencryptedfiles,wecanusesomeforensictoolstorestoretheseencryptedfiles,twotoolsusedinthispaperareiBackupBotforiTunes.
Fig1showsthedirectorystructurediagramofusingiPhoneDataRecoverytorestoreSinaMicroblog,SinaMicrobloghastwodirectories:/Documentsand/Library,thefirstdirectoryisusedtostoredocumentinformation,thesecondoneisusedtostorepreferencesettingsandcacheinformation.
Fig1.
DirectoryStructureofSinaMicroblogImportantinformationofSinaMicroblogiPhoneAppisstoredinaSQLitedatabasecalledDocuments/db_42500_1992761734.
dat,thelasttendigits(1992761734)istheuniqueidoftheuser.
Thenwecanknowthatthefilenameofthisdatabasefileinthebackupfilesis4ab36716f9ce19991ac7950591b2c06475e5d21ebycomputingthehashvalue(sha1)ofppDomain-com.
sina.
microblog-Documents/db_42500_1992761734.
dat.
Thenwecanfindseveraltablesinthisdatabasefile,thedetailinformationisshowninFig2.
Fig2.
SQLitefileIt'seasytoanalyzetherelationshipbetweenthedatacontentandcorrespondingMicrobloginformationbyviewingthestructureofeachtable.
Eachtableinthedatabase(db_42500_1992761734.
dat)hasdifferentfunctions,thedetailinformationisshownasfollowings:contact_group_count:Thistableisusedtorecordtheamountofusersineachgroupoffolloingotherusers.
contact_groups:Thistableisusedtorecordsomeinformationaboutbeingfollowedbyotherusers,includingtheGIDandnameofeachgroup.
contact_x_group:Thistableisusedtorecordtheuserslistofbeingfollowedbyothers,includinguserIDandthegroupIDofeachgroup.
contacts:Thistableisusedtorecordtheuserslistoffollowingothers,includingusernameanduserIDetc.
pm_conversations:Thistableisusedtorecordthelistofuser'sMicroblogprivatemessages,includingthenewestrecordofprivatemessagewitheachuser.
pm_messages:ThistableisusedtorecordtheMicroblogmessagelist.
microblogs:ThistableisusedtorecordMicrobloginformationbyuser'stimeline,includingthecontentofMicroblogmessage,theauthorofMicroblogmessage,userID,posttime,theamountofforwarding,thenameofMicroblogclient,geographicalpositioninformation,thelinkofpictureattachedtoMicroblogmessageandsoon.
Twokindsoftypicaluserbehaviors,"Follow"and"Befollowed",formthebasisofMicrobloguser'ssocialnetwork[10].
Wecanacquiretheuserslistoffollowingothersfromthecontactstable.
Thecontactstablecandirectlyreflecttheuser'sintereststowardsdifferentkindofinformation.
Ifwewanttoknowtheuser'ssocialnetworkinformation,weshouldviewtheuser'sfanslistfromcontact_x_grouptable.
User-postedMicroblogmessagesarerecordedinweibotablebytimeline.
Thelast50microblogrecordsarestoredinthemobileclient,theserecordsincludethemicroblogmessagespostedorbrowseredbytheuser.
TheinformationrecordedinthemicroblogtableisveryimportantforstudyingforensicinvestigationofMicrobloguser'sbehavior.
hedetailinformationofeachfieldandthecorrespondingmeaningisshowninTable2Table2theinformationofweibotableFieldStoredinformationStoreddatatypenickUsernicknameNSStringuidTheuniqueIDofuserNSNumeber(intValue)portraitImageInformationNSStringconcentThebodyofpostedMicroblogNSStringpicEmbeddedpictureintheMicroblogNSStringdatelineThedateofpostingMicroblogNSDatertrootuidTheuniqueIDofthepostedMicroblogNSNumeber(intValue)rtrootnickThenicknameofthepostedMicroblogNSStringrtreasonThecommentcontentofforwardedMicroblogNSStringsourceTheappofpostingMicroblogNSStringlongitudeLongitudeNSNumber(floatValue)latitudeLatitudeNSNumber(floatValue)url_structsThelinkinformationembeddedintheMicroblogNSDictionarypage_infoPageinformation(position,topicetc)NSDictionarytopic_structsTopicinformation(thelinkandtitleofthetopic)NSDictionarypic_id_infosThepictureembeddedinthepostedMicroblogNSDictionaryextra_propertiesExtrainformation(Ifthevalueofrelationis0,itindicatesthatthismessageispostedbytheuser;ifthevalueofrelationis1,itindicatesthatthismessageisthepublichomepage'smicroblogmessagewhichisbrowseredbytheuser.
)NSDictionaryTheforensicinvestigatorcanobtainmanyusefulinformationbyanalyzingtheimportantfieldsinweibotable,suchasuser-postedmicroblogmessages,thepublichomepage'smicroblogmessageswhicharebrowseredbytheuser,wheretheuserpostedthemicroblogmessage.
Inadditiontothis,theuser'strackduringaperiodoftimecanbeobtainedbyanalyzingtheinformationoflongitudeandlatitude,thentheforensicinvestigatorcananalyzeMicroblogusers'behaviorfromthepointoftimeandspacerelations.
Exceptforthis,wecandirectlyvisittheuser'sMicrobloghomepagebyenteringtheURL:http://microblog.
com/0000000000inthebrowser'saddressbartovalidatewhethertheIDnumberintheURLbelongstotheuser.
WecanacquireallkindsofdataofMicroblogbycallingAPIinterfaceprovidedbySina,includingpersonalprofileinformation,geographicalpositioninformation,dynamicinteractioninformation,user'sfansinformation.
SummaryAtpresent,theresearchofMicrobloguser'sbehaviorandacquiringMicroblogdataareconductedseparately,buttheyareinseparableforforensicworkers.
Onthisbasis,thispapertookSinaMicroblogiPhoneAppasanexampleandproposedanewmethod:firstlyextractdatafromMicroblogapp,thenmakeanalyzeuserbehaviorforthepurposeofforensicanalysis,thismethodcanbeappliedtootherMicroblogapp,too.
AcknowledgementsThisworkissupportedbyNationalSocialScienceFoundationProjectofP.
R.
China(No.
14BFX156),NaturalScienceFoundationProjectofCQCSTCofP.
R.
China(No.
cstc2011jjA40031).
References[1]Informationonhttp://www.
pocketgamer.
biz/metrics/app-store/[2]MutawaNA,BaggiliI,MarringtonA.
Forensicanalysisofsocialnetworkingapplicationsonmobiledevices[J].
DigitalInvestigation,2012,9(15):S24–S33.
[3]GaoF,ZhangY.
AnalysisofWeChatoniPhone[C]//2ndInternationalSymposiumonComputer,Communication,ControlandAutomation.
AtlantisPress,2013.
[4]DuJiang,WangCong.
iPhonethird-partysoftwareforensicsresearch[J].
ComputerCDSoftwareandApplications.
2013,(13):53-54.
[5]HUANGYan-wei,LIUJia-yong.
StudyonSinamicroblogDataAcquisitionTechnology[J].
InformationSecurityandCommunicationsPrivacy.
2013(06):71-73.
[6]ZhaoLing,ZhangJing.
Multi-dimensionalAnalysisofMicroblogUserBehaviorResearch[J].
InformationandDocumentationServices.
2013(05).
[7]ChenPeng,ShuiJinguang.
StatisticalAnalysisofMicroblogUserTypicalBehaviorbasedonIndividualProperty[J].
KnowledgeManagementForum.
2013(05).
[8]ChenCN,TsoR,YangCH.
DesignandImplementationofDigitalForensicSoftwareforiPhone[C]//InformationSecurity(AsiaJCIS),2013EighthAsiaJointConferenceon.
IEEE,2013:90-95.
[9]LevinsonA,StackpoleB,JohnsonD.
Thirdpartyapplicationforensicsonapplemobiledevices[C]//SystemSciences(HICSS),201144thHawaiiInternationalConferenceon.
IEEE,2011:1-9.
[10]XUXiao-dong,XIAOYin-tao,ZHUShi-rui.
SimulationInvestigationofRumorPropagationinMicrobloggingCommunity[J].
ComputerEngineering.
2011,37(10):272-274.
achenlong@cqupt.
edu.
cn,bwangyongqing123@163.
comKeywords:Microblog,userbehaviour,iOSdataacquisition.
Abstract.
Microblog,anewnetworkapplicationintheeraofWeb2.
0,hasbecomeoneofthemajormediuminChina.
Itsmainfeaturesareasfollowings:largenumberofusers,frequentstatusofupdatinginformation,fasttransmissionspeedofinformation.
ThewritertookSinaWeiboiPhoneAppasanexampletostudythebehaviorofindividualcharacteristicsofmicroblogusersbyanalyzingthedatafromsamplesgeneratedbyusingmicroblog.
IntroductionDuetothepopularityandprevalenceofsmartphones,thenumberofthird-partymobileapplicationsincreasesrapidly.
ThenumberofmobileapplicationsinApple'sofficialAppStorehasreached1.
49millionbyJanuary2015[1].
Manyapplicationsaremakingthefeature-richsmartphones.
Therearemanypotentialevidenceforforensicsworkers.
Foreignresearchinthefieldofthird-partyapplicationsfocusesonFacebook,TwitterandMySpace.
Themainstudyfocusesonanalyzinguser'ssocialnetworkingactivityandwhetherthedatastoredinthemainmemoryandthemobilephonecanberestored[2].
DomesticresearchinthisfieldfocusesonWechatandSinaMicroblog.
ForWechat,themainstudyfocusesonanalyzingthefiledirectorystructure[3]andgettingtheaudiofile[4].
ForSinaMicroblog,therearetwomethodsofextractingthedataofSinaMicroblog:acquiringinformationbasedonSinaMicro-BlogOpenPlatformandacquiringinformationbasedonnetworkdataflow[5].
ButwiththedevelopmentofmobileInternet,manySinaMicroblogusersbegintousemobileclientotherthanPCclient,andthereisnorelevantresearchondataextractionofSinaMicroblogApp.
ThewritertookSinaMicroblogiPhoneAppasanexampletoextractsomeimportantdataofSinaMicroblogiPhoneApp,thenanalyzedthedirectorystructureofmicroblogbackupfileandrelevantimportantdata.
ThemethodmentionedinthispapercanhelpforensicinvestigatoracquiresomeimportantdataofSinaMicroblogquicklyandanalyzetheuserbehavioreasily.
MicroblogUserBehaviorMicroblog,asakindofnewinformationcommunicationplatform,cansatisfyourdifferentrequirements,suchasinformationacquisition,informationcommunicationandinformationsharingetc[6].
OntheInternet,therearethreemaintypicalbehaviorsofMicroblogusers:followothers,befollowedbyothers,totweet.
Thefirstoneisakindofbehaviorthattheuseracquiressomeinformationbyfollowingotherusers.
Thesecondoneisakindofbehaviorthattheuseraffectsotherusersthroughbeingfollowedbyothers.
Thethirdoneisakindofbehaviorthattheuserwritestwitterandspreadsinformation.
ThegreaterthenumberofMicroblogbeingcreatedandreposted,thelargertheinformationbeingtransferredbytheuser[7].
DataAcquisitionTherearethreewaystoacquiredatafromiOSdevices:acquiredatafrombackupfile,acquiredatabylogicalmethodandacquiredatabyphysicalmethod.
ThispaperfocusesonhowtoacquiredatafromiOSdevicesbybackupfile.
iPhonebackupsdatabyusingiTunesaccordingtosomesynchronousprotocolsaboutMACOS,sowecanacquiredatafromthebackupdirectoriesstoredinthecomputer.
However,onlythefiledatasynchronizedexactlybysynchronousprotocolcanbeacquirebythismethod.
DifferentoperatingsystemhasdifferentstoragelocationwheniPhonebackupsdatabyusingiTunes,thedetailinformationisshownintable1.
Table1.
backupfile'sstoragelocationofusingiTunesOperationsystemlocationWindowsXPWindowsVista/Windows7MacOSXC:\documentsandsetting\\ApplicationData\AppleComputer\MobleSync\BackupC:\Users\\AppData\Roaming\AppleComputer\MobleSync\BackupUsers//Library/ApplicationSupport/MobileSync/Backup/Alargenumberofkeyinformationcanberecoveredbyusingthemethodmentionedabove.
Frequently-useddataisusuallystoredintheSQLitedatabaseandsomepropertylistfile,assynchronousprotocolcansupportsynchronousoperationoftheSQLdatabaseandsomepropertylistfile.
ForensicanalysisofiPhonethird-partyapplicationTheforensicanalysisofthedatageneratedbyiPhonethird-partyapplicationconsistsofthreeparts:analyzingfileanddirectorystructure,analyzingdatabase/plistfile,correlationanalysis.
IOSdevicecontainsalargenumberofvarioustypesofdata,includingsomedatarelatedwithmobilephoneandbuilt-inapplications,suchascalllog,contacts,shortmessages,photosandthecachefilesofSafaribrowseretc.
Inadditiontothis,iOSalsocontainsthedatageneratedbythethirdpartyapplicationswhicharefromAppStore.
IOSdevicehastwokindsofstorageformats:oneispropertylistfile(plist)inbinaryform,it'susedtostoresomesetupinformation;anotherisSQLitedatabase,it'susedtostorepersonalinformation[8].
Analyzingfileanddirectorystructure.
EveryiOSapplicationhasitsownsandbox,thesandboxisaspecialfilesystemdirectorywhichisseparatedfromotherfiledirectories.
Itcanpreventanyapplicationtoexchangedatawithotherapplications.
Thethird-partyappsofiPhoneareusuallystoredin/private/var/mobile/Applications.
Everythird-partyapphastwodirectories:/Documentsand/Library,thefirstdirectorycontainssomedocumentinformation,theseconddirectorycontainspreferencesettingsandsomecachefiles[9].
Butdifferentthirdpartyapplicationhasdifferentstoragelocationandformat.
Analyzingdatabase/plistfile.
SQLitedatabaseisoneofthemostcommondatatypeforstorage,it'smainlyfoundinthemobileapplicationdevelopment.
ManyapplicationsintheiOSuseSQLitetostoredata.
Manyimportantdata(suchasContacts,ShortMessages,CallHistoryetc)arestoredintheformofSQLitedatabase,thesedataareencodedinUTF-8.
PropertyListfileismainlyusedtostoreserializedobjects.
Thefilenameextensionis.
plist,soit'susuallycalledplistfile.
Plistfileisusuallytostoreusersettingsandextrainformation.
Plistfileisconsistofthreeclasseswithhierarchicalstructure:CocoaFoundation、CoreFoundationandXML,allnodesaredisplayedinalist.
Correlationanalysis.
Althoughthesefilesincludemanyimportantinformation,suchastheuniqueIDofvisitingsocialnetworksite,specialdata,whereandwhentheeventistakingplace.
AnalyzingSinaMicroblogThispaperwilltakeSinaMicroblogiPhoneAppasanexampletodiscusshowtoanalyzeMicroblogusers'behaviorforforensicinvestigator.
Thisworkincludestwosteps:extractimportantbackupfiledatarelatedwithSinaMicroblogusers'behavior,andanalyzeSinaMicroblogdirectorystructure,importantdatabaseandplistfile.
Asthebackfilesareallencryptedfiles,wecanusesomeforensictoolstorestoretheseencryptedfiles,twotoolsusedinthispaperareiBackupBotforiTunes.
Fig1showsthedirectorystructurediagramofusingiPhoneDataRecoverytorestoreSinaMicroblog,SinaMicrobloghastwodirectories:/Documentsand/Library,thefirstdirectoryisusedtostoredocumentinformation,thesecondoneisusedtostorepreferencesettingsandcacheinformation.
Fig1.
DirectoryStructureofSinaMicroblogImportantinformationofSinaMicroblogiPhoneAppisstoredinaSQLitedatabasecalledDocuments/db_42500_1992761734.
dat,thelasttendigits(1992761734)istheuniqueidoftheuser.
Thenwecanknowthatthefilenameofthisdatabasefileinthebackupfilesis4ab36716f9ce19991ac7950591b2c06475e5d21ebycomputingthehashvalue(sha1)ofppDomain-com.
sina.
microblog-Documents/db_42500_1992761734.
dat.
Thenwecanfindseveraltablesinthisdatabasefile,thedetailinformationisshowninFig2.
Fig2.
SQLitefileIt'seasytoanalyzetherelationshipbetweenthedatacontentandcorrespondingMicrobloginformationbyviewingthestructureofeachtable.
Eachtableinthedatabase(db_42500_1992761734.
dat)hasdifferentfunctions,thedetailinformationisshownasfollowings:contact_group_count:Thistableisusedtorecordtheamountofusersineachgroupoffolloingotherusers.
contact_groups:Thistableisusedtorecordsomeinformationaboutbeingfollowedbyotherusers,includingtheGIDandnameofeachgroup.
contact_x_group:Thistableisusedtorecordtheuserslistofbeingfollowedbyothers,includinguserIDandthegroupIDofeachgroup.
contacts:Thistableisusedtorecordtheuserslistoffollowingothers,includingusernameanduserIDetc.
pm_conversations:Thistableisusedtorecordthelistofuser'sMicroblogprivatemessages,includingthenewestrecordofprivatemessagewitheachuser.
pm_messages:ThistableisusedtorecordtheMicroblogmessagelist.
microblogs:ThistableisusedtorecordMicrobloginformationbyuser'stimeline,includingthecontentofMicroblogmessage,theauthorofMicroblogmessage,userID,posttime,theamountofforwarding,thenameofMicroblogclient,geographicalpositioninformation,thelinkofpictureattachedtoMicroblogmessageandsoon.
Twokindsoftypicaluserbehaviors,"Follow"and"Befollowed",formthebasisofMicrobloguser'ssocialnetwork[10].
Wecanacquiretheuserslistoffollowingothersfromthecontactstable.
Thecontactstablecandirectlyreflecttheuser'sintereststowardsdifferentkindofinformation.
Ifwewanttoknowtheuser'ssocialnetworkinformation,weshouldviewtheuser'sfanslistfromcontact_x_grouptable.
User-postedMicroblogmessagesarerecordedinweibotablebytimeline.
Thelast50microblogrecordsarestoredinthemobileclient,theserecordsincludethemicroblogmessagespostedorbrowseredbytheuser.
TheinformationrecordedinthemicroblogtableisveryimportantforstudyingforensicinvestigationofMicrobloguser'sbehavior.
hedetailinformationofeachfieldandthecorrespondingmeaningisshowninTable2Table2theinformationofweibotableFieldStoredinformationStoreddatatypenickUsernicknameNSStringuidTheuniqueIDofuserNSNumeber(intValue)portraitImageInformationNSStringconcentThebodyofpostedMicroblogNSStringpicEmbeddedpictureintheMicroblogNSStringdatelineThedateofpostingMicroblogNSDatertrootuidTheuniqueIDofthepostedMicroblogNSNumeber(intValue)rtrootnickThenicknameofthepostedMicroblogNSStringrtreasonThecommentcontentofforwardedMicroblogNSStringsourceTheappofpostingMicroblogNSStringlongitudeLongitudeNSNumber(floatValue)latitudeLatitudeNSNumber(floatValue)url_structsThelinkinformationembeddedintheMicroblogNSDictionarypage_infoPageinformation(position,topicetc)NSDictionarytopic_structsTopicinformation(thelinkandtitleofthetopic)NSDictionarypic_id_infosThepictureembeddedinthepostedMicroblogNSDictionaryextra_propertiesExtrainformation(Ifthevalueofrelationis0,itindicatesthatthismessageispostedbytheuser;ifthevalueofrelationis1,itindicatesthatthismessageisthepublichomepage'smicroblogmessagewhichisbrowseredbytheuser.
)NSDictionaryTheforensicinvestigatorcanobtainmanyusefulinformationbyanalyzingtheimportantfieldsinweibotable,suchasuser-postedmicroblogmessages,thepublichomepage'smicroblogmessageswhicharebrowseredbytheuser,wheretheuserpostedthemicroblogmessage.
Inadditiontothis,theuser'strackduringaperiodoftimecanbeobtainedbyanalyzingtheinformationoflongitudeandlatitude,thentheforensicinvestigatorcananalyzeMicroblogusers'behaviorfromthepointoftimeandspacerelations.
Exceptforthis,wecandirectlyvisittheuser'sMicrobloghomepagebyenteringtheURL:http://microblog.
com/0000000000inthebrowser'saddressbartovalidatewhethertheIDnumberintheURLbelongstotheuser.
WecanacquireallkindsofdataofMicroblogbycallingAPIinterfaceprovidedbySina,includingpersonalprofileinformation,geographicalpositioninformation,dynamicinteractioninformation,user'sfansinformation.
SummaryAtpresent,theresearchofMicrobloguser'sbehaviorandacquiringMicroblogdataareconductedseparately,buttheyareinseparableforforensicworkers.
Onthisbasis,thispapertookSinaMicroblogiPhoneAppasanexampleandproposedanewmethod:firstlyextractdatafromMicroblogapp,thenmakeanalyzeuserbehaviorforthepurposeofforensicanalysis,thismethodcanbeappliedtootherMicroblogapp,too.
AcknowledgementsThisworkissupportedbyNationalSocialScienceFoundationProjectofP.
R.
China(No.
14BFX156),NaturalScienceFoundationProjectofCQCSTCofP.
R.
China(No.
cstc2011jjA40031).
References[1]Informationonhttp://www.
pocketgamer.
biz/metrics/app-store/[2]MutawaNA,BaggiliI,MarringtonA.
Forensicanalysisofsocialnetworkingapplicationsonmobiledevices[J].
DigitalInvestigation,2012,9(15):S24–S33.
[3]GaoF,ZhangY.
AnalysisofWeChatoniPhone[C]//2ndInternationalSymposiumonComputer,Communication,ControlandAutomation.
AtlantisPress,2013.
[4]DuJiang,WangCong.
iPhonethird-partysoftwareforensicsresearch[J].
ComputerCDSoftwareandApplications.
2013,(13):53-54.
[5]HUANGYan-wei,LIUJia-yong.
StudyonSinamicroblogDataAcquisitionTechnology[J].
InformationSecurityandCommunicationsPrivacy.
2013(06):71-73.
[6]ZhaoLing,ZhangJing.
Multi-dimensionalAnalysisofMicroblogUserBehaviorResearch[J].
InformationandDocumentationServices.
2013(05).
[7]ChenPeng,ShuiJinguang.
StatisticalAnalysisofMicroblogUserTypicalBehaviorbasedonIndividualProperty[J].
KnowledgeManagementForum.
2013(05).
[8]ChenCN,TsoR,YangCH.
DesignandImplementationofDigitalForensicSoftwareforiPhone[C]//InformationSecurity(AsiaJCIS),2013EighthAsiaJointConferenceon.
IEEE,2013:90-95.
[9]LevinsonA,StackpoleB,JohnsonD.
Thirdpartyapplicationforensicsonapplemobiledevices[C]//SystemSciences(HICSS),201144thHawaiiInternationalConferenceon.
IEEE,2011:1-9.
[10]XUXiao-dong,XIAOYin-tao,ZHUShi-rui.
SimulationInvestigationofRumorPropagationinMicrobloggingCommunity[J].
ComputerEngineering.
2011,37(10):272-274.
- Vista新浪博客搬家工具相关文档
- 民族新浪博客搬家工具
- 运动新浪博客搬家工具
- 新闻评论之名栏追踪
- "序号","网站名称"
- models新浪博客搬家工具
- 新闻标题:寻找搬家公司四大渠道
RAKsmart秒杀服务器$30/月,洛杉矶/圣何塞/香港/日本站群特价
RAKsmart发布了9月份优惠促销活动,从9月1日~9月30日期间,爆款美国服务器每日限量抢购最低$30.62-$46/月起,洛杉矶/圣何塞/香港/日本站群大量补货特价销售,美国1-10Gbps大带宽不限流量服务器低价热卖等。RAKsmart是一家华人运营的国外主机商,提供的产品包括独立服务器租用和VPS等,可选数据中心包括美国加州圣何塞、洛杉矶、中国香港、韩国、日本、荷兰等国家和地区数据中心(...
BeerVM1GB内存/VDSps端口1GB,350元/月
beervm是一家国人商家,主要提供国内KVM VPS,有河南移动、广州移动等。现在预售湖南长沙联通vds,性价比高。湖南长沙vps(长沙vds),1GB内存/7GB SSD空间/10TB流量/1Gbps端口/独立IP/KVM,350元/月,有需要的可以关注一下。Beervm长沙联通vps套餐:长沙联通1G青春版(预售)长沙联通3G标准版(预售)长沙联通3G(预售)vCPU:1vCPU:2vCPU...
BuyVM老牌商家新增迈阿密机房 不限流量 月付2美元
我们很多老用户对于BuyVM商家还是相当熟悉的,也有翻看BuyVM相关的文章可以追溯到2014年的时候有介绍过,不过那时候介绍这个商家并不是很多,主要是因为这个商家很是刁钻。比如我们注册账户的信息是否完整,以及我们使用是否规范,甚至有其他各种问题导致我们是不能购买他们家机器的。以前你嚣张是很多人没有办法购买到其他商家的机器,那时候其他商家的机器不多。而如今,我们可选的商家比较多,你再也嚣张不起来。...
新浪博客搬家工具为你推荐
-
免费送q币活动那些免费送Q币的活动是不是假的啊???视频制作软件哪个好哪个 制作视频的软件 比较好用而且是免费的?中文的滚筒洗衣机和波轮洗衣机哪个好滚筒洗衣机和波轮洗衣机的哪个好录音软件哪个好手机录音软件哪个好用ps软件哪个好什么PS软件好无纺布和熔喷布口罩哪个好无纺布除了做尿布湿口罩这些,还有其他什么用处吗?杰士邦和杜蕾斯哪个好安全套杜蕾丝好还是杰士邦好?核芯显卡与独立显卡哪个好核心显卡和独立显卡哪个好电陶炉和电磁炉哪个好电陶炉和电磁炉哪个好dnf魔枪士转职哪个好dnf魔枪士转职哪个职业好?