A real estate organization, our client, faced a problem when it suspected an internal security threat. They believed that their employee had been sharing some sneak information belonging to the company such as images and documents on social media networks. Being very important information they needed to corroborate these with social media forensic to ascertain our finding and confirm the methodology use in sharing the information.
The first was to determine if the employee had posted sensitive information on social media sites since the app that facilitated the leak probably had been wiped clean of the leak. The client major concern was to track all the activities associated with sharing of data in the employee’s Samsung Android phone and social network forensic to provide irresistible evidence of the employee’s misconduct.
In order to combat these problems, the authors’ research used several professional methods of social media forensics. The Cellebrite tool was employed to perform a full investigation on the Android belonging to the employee. This included:
In the course of the inquiry, we found out that there is 1000+ images in the device. Going through the metadata and examines the transmission logs, we found that most of these images had passed through the Telegram app. Even though, at the time of analysis, Telegram was not installed on the device, using our approach of the social network forensics, it was possible to identify the prior usage of the application and the shared images.
As we were able to verify in a similar investigation for a client, the employee had sent a number of sensitive images through Telegram with other people. Our social media forensics activities generated concrete documentation which the client could use to get full-fledged understanding of the data leakage, as well as the media that was employed for this purpose.
Such a case emphasizes the importance of both social media forensics and social network forensics to prevent internal security threats and to safeguard important business data. This is why, using such high-tech like Cellebrite, the members of our team managed to retrieve evidence from the device in question as the application and the activity were uninstalled and the traces were tried to be deleted. For the client, our social network forensics services helped to have proper evidence to action and protect their business from the threats in future.