Wednesday, February 15, 2012

Visualizing Online Investigations - LIVE



This is my 3rd blog post on data visualization; it's becoming a bit of a hobby if I'm honest. It's really good fun! Aside from fun, I am beginning to believe that there is a significant future in enabling investigators and juries alike to be able to ‘see’ data in a way that is meaningful and useful. In my last post I outlined how Facebook chat was graphed for an abuse case and I had many interesting emails on the subject.

There is a lot of work to do but I decided to move on to a more challenging area, visualizing online data in a LIVE setting.  It seemed that there were 2 areas worth looking at, Twitter and investigating web sites.

For both of the examples below I used the free graphing tool Gephi with a variety of plugins.

Twitter

I'm sure no one reading this needs to have an explanation of Twitter; however, there are areas where an investigator may want to use Twitter to understand how an event was panning out live. An example would be the Police monitoring the ringleaders of a riot or a journalist looking for the movers and shakers in the development of a news event.

An example of the latter came up when I was playing early on with live mapping of Twitter feeds. I had set a filter to intercept all #syria hashtags during the bombardment of the Syrian city of Homs. As the tweets hit 3000 a pattern began to emerge in the spherical graph: a cluster around a tweeter who was being heavily retweeted. Zooming into the graph gave me his username. A bit of research indicated that this guy was IN Homs at the time, tweeting what he was seeing in real time. If I were a journalist, I would want to talk to this guy.

Using Gephi with a plugin written specifically for Twitter data I started working with different filters and displays. The plugin taps into the global Twitter feed and applies the filter to decide what to capture. Eventually, I got it sorted and I have posted a slightly less serious example on YouTube with ‘appropriate’ music. I was working on it when I heard that Whitney Houston had sadly died. I quickly started a Twitter capture with hashtags associated with the singer and started a video screen capture. It is fascinating to watch the tweets arrive and clusters begin to take shape. Initially the busy tweeters were the news outlets such as CNN, but these were quickly replaced with ‘people’, some of whom were very popular to retweet.

This is definitely a capability that many investigators should examine.  Check out the Whitney video or watch it on YouTube - http://www.youtube.com/watch?v=E70smI9hY_I.




Internet Investigations

For any investigator, whether it be Police, Corporate investigator, Social Engineer or Journalist, the ability to understand the web presence of their subject can be invaluable. That means being able to simply browse to their target's web site and see what links exist, what services are in use, who handles their credit cards, whether they use analytics, and so many other aspects.

Again using Gephi, along with an HTTP plugin, I set Firefox up to proxy through the plugin and started recording. Using Firefox I then browsed to the web site of OccupyWallSt.org and navigated through its pages. The results can be seen (with appropriate music again!) below or at YouTube - http://www.youtube.com/watch?v=oXgEEznpyvg.
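The same kind of host graph can be built offline from recorded proxy traffic. The sketch below is an added example, not part of the original post and not the plugin's code: it assumes the recording has been reduced to (requested URL, Referer) pairs, uses constructed placeholder hosts, and its function names are hypothetical. It lists the outside services a site's pages pull in and writes a GEXF file that Gephi can open.

```python
from collections import Counter
from urllib.parse import urlsplit
import xml.etree.ElementTree as ET

# Constructed sample of (requested URL, Referer header) pairs, as a recording
# proxy would see them while a site is browsed. All hosts are placeholders.
REQUESTS = [
    ("http://www.example.org/", ""),
    ("http://www.example.org/css/site.css", "http://www.example.org/"),
    ("http://cdn.example.net/lib.js", "http://www.example.org/"),
    ("http://analytics.example.com/track.js", "http://www.example.org/"),
    ("http://analytics.example.com/hit?p=/about", "http://www.example.org/about"),
    ("http://pay.example.com/button.js", "http://www.example.org/donate"),
    ("http://www.example.org/about", "http://www.example.org/"),
]

def host(url):
    """Lower-cased hostname of a URL, or None for an empty/invalid value."""
    return urlsplit(url).hostname if url else None

def host_edges(requests):
    """Count referer-host -> requested-host edges, skipping same-host loads."""
    edges = Counter()
    for url, referer in requests:
        src, dst = host(referer), host(url)
        if src and dst and src != dst:
            edges[(src, dst)] += 1
    return edges

def third_parties(requests, site_host):
    """Hosts loaded by pages of site_host, most frequently requested first."""
    hits = Counter()
    for (src, dst), n in host_edges(requests).items():
        if src == site_host:
            hits[dst] += n
    return [h for h, _ in hits.most_common()]

def to_gexf(edges):
    """Serialize the host graph as GEXF 1.2 for loading into Gephi."""
    root = ET.Element("gexf", xmlns="http://www.gexf.net/1.2draft", version="1.2")
    graph = ET.SubElement(root, "graph", defaultedgetype="directed")
    nodes, elist = ET.SubElement(graph, "nodes"), ET.SubElement(graph, "edges")
    for name in sorted({h for pair in edges for h in pair}):
        ET.SubElement(nodes, "node", id=name, label=name)
    for i, ((src, dst), n) in enumerate(sorted(edges.items())):
        ET.SubElement(elist, "edge", id=str(i), source=src, target=dst, weight=str(n))
    return ET.tostring(root, encoding="unicode")

print(third_parties(REQUESTS, "www.example.org"))
```

Edge weight is the number of requests between two hosts, so a heavily used analytics or payment provider stands out in Gephi the same way a heavily retweeted account does in the Twitter graph.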



Forensic visualization is probably best used to see data in a clearer way from results gleaned from a disk or RAM dump etc.  However, these live feeds provide a fascinating view of the world or an investigation tool that should not be overlooked.