Tracking Criminals on Facebook: A Case Study from a Digital Forensics REU Program

Daniel Weiss, Gary Warner


The 2014 Digital Forensics Research Experience for Undergraduates (REU) Program at the University of Alabama at Birmingham (UAB) focused its summer efforts on tracking criminal forums and Facebook groups. The UAB-REU Facebook team was provided with a list of about 60 known criminal groups on Facebook, with a goal to track illegal information posted in these groups and ultimately store the information in a searchable database for use by digital forensic analysts. Over the course of about eight weeks, the UAB-REU Facebook team created a database with over 400 Facebook groups conducting criminal activity along with over 100,000 unique users within these groups. As of November 2014, students involved in the research project with Advisor Gary Warner at UAB continued running the automated fetchers since my summer project was completed. Working with U.S. Federal Law Enforcement agencies, there have been at least NINE CONFIRMED ARRESTS of individuals associated with the illegal activities tracked on Facebook. This paper will discuss the methods used to collect the information, store it in a database and analyze the data. The paper will also present possible future uses of the Facebook criminal activity-monitoring tool.


social media, criminal organizations, online crime, social network monitoring


Creative Commons License
This work is licensed under a Creative Commons Attribution 4.0 International License.


(c) 2006-2015 Association of Digital Forensics, Security and Law