A framework for digital forensics of encrypted real-time network traffic, instant messaging, and VoIP application case study

Sarhan, Soliman Abd Elmonsef; Youness, Hassan; Bahaa-Eldin, Ayman M.

doi:10.1016/j.asej.2022.102069

Cited by 5 publications

(2 citation statements)

References 20 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Notably, these analyses are confined to one operating system, Android, and the output primarily involves the examination of network metadata trying to categorize some of the user actions within this application. A previous study [12] introduced a framework and methodology that effectively extracts important information from the encrypted traffic of WhatsApp and Telegram on IOS devices. This innovative framework allows analysts to identify, categorize, and analyze encrypted traffic, including texting, typing, voice and video calls, and media transmissions.…”

Section: Related Workmentioning

confidence: 99%

“…Network forensics is another category of digital forensics that involves capturing live or backup traffic packets and log files from various network components. Analyzing encrypted network traffic [11], [12], [13] can have a significant impact on investigations. However, advancements in encryption techniques have made it more challenging for investigators to extract user activities from encrypted network traffic while using IM applications.…”

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

VoIP Network Forensics of Instant Messaging Calls

Sarhan,

Youness,

Bahaa-Eldin

et al. 2024

IEEE Access

Self Cite

View full text Add to dashboard Cite

Digital forensics is a prime professional field for law enforcement organizations. This is also a major active research topic in cybersecurity. Although traffic and content analysis are leading tasks in this field, most Internet traffic is now encrypted, making traditional content analysis impossible. Furthermore, instant messaging (IM) applications have become increasingly popular for communication between individuals and groups. However, IM conversations can be used for illicit activities such as planning criminal activities or exchanging sensitive information. In such cases, law enforcement agencies may need to perform VoIP forensics to identify suspects involved in conversations. This study proposes a network forensic approach (NFA) for correlating IM calls to identify the IP addresses of suspects. The approach involves capturing and analyzing IM call data, correlating the data with other network traffic, and using the correlation to identify suspects' IP addresses. The proposed approach was tested on real-world IM call data and yielded promising results. The network forensics approach for VoIP is superior to other approaches that need physical access to the end-users' devices, making NFA suitable for early crime detection and in situations where the devices may have been destroyed or burnt. The proposed method attained a success rate of 92.5% in identifying voice IM calls and providing information about the participants involved in the calls.

show abstract

Section: Related Workmentioning

confidence: 99%