Forensic investigation framework for VoIP protocol

Manesh, T.; El-atty, Saied M. Abd; Sha, Mohemmed; Brijith, B.; Vivekanandan, K.

doi:10.1109/anti-cybercrime.2015.7351935

Cited by 3 publications

(5 citation statements)

References 18 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Network forensics is a fundamental branch of digital forensics. The analysis of network traffic to investigate security incidents, data breaches and security policy violations is known as network forensics [17]. Network forensics evidence can be collected when communication is intercepted at the packet level.…”

Section: Introductionmentioning

confidence: 99%

Application of Artificial Intelligence to Network Forensics: Survey, Challenges and Future Directions

et al. 2022

View full text Add to dashboard Cite

Network forensics focuses on the identification and investigation of internal and external network attacks, the reverse engineering of network protocols, and the uninstrumented investigation of networked devices. It lies at the intersection of digital forensics, incident response and network security. Network attacks exploit software and hardware vulnerabilities and communication protocols. The scope of a network forensic investigation can range from Internet-wide down to a single device's network traffic. Network analysis tools (NATs) aid security professionals and law enforcement in the capturing, identification and analysis of network traffic. However, in most instances, the sheer volume of data to be analyzed is enormous and, despite some built-in NAT automation, the investigation of network traffic is often an arduous process. Furthermore, significant expert time remains wasted in the investigation of a high frequency of false positive alerting from automated systems. To address this globally impacting problem, artificial intelligence based approaches are becoming increasingly employed to automatically detect attacks and increase network traffic classification accuracy. This paper provides a comprehensive survey of the state-of-the-art in network forensics and the application of expert systems, machine learning, deep learning, and ensemble/hybrid approaches to a range of application areas in the field. These include network traffic analysis, intrusion detection systems, Internetof-Things devices, cloud forensics, DNS tunneling, smart grid forensics, and vehicle forensics. In addition, the current challenges and future research directions for each of the aforementioned application areas is discussed.

show abstract

Section: Introductionmentioning

confidence: 99%

Application of Artificial Intelligence to Network Forensics: Survey, Challenges and Future Directions

et al. 2022

View full text Add to dashboard Cite

show abstract

“…The SMTPS Stream Decrypt and POP3S Stream Decrypt sub segments decrypt network packets stored as PCAP files with SMPTPS and POP3 network sessions using the traced session key and further creates a PCAP file with a stream of unencrypted packets. [14] …”

Section: ) Smtps Stream Decrypt and Pop3 Stream Decryptmentioning

confidence: 99%

“…The client and server will encrypt further communication using the shared Master Secret. [14] Proposed segment of this forensic engine identifies TLS handshake packets and records cipher used, its key length, protocol version along with compression methods by dissecting network packets using JPCAP and OpenSSL software libraries. As discussed above, ultimate aim of this segment is to calculate 48-byte Master Secret (MS) or session key for encrypting the inbound traffic.…”

Section: ) Tls Handshake Decode and Certificate Handlementioning

confidence: 99%

“…From the step 3, TLS handshake decode segment extracts public key present in the X.509 certificate as mentioned earlier, and identifies size of PreMasterSecret created which is normally 128 bytes in size with RSA key size of 1024 bit keys. [14] Once certificate reaches client from the server, it also receives key exchange messages, which support both RSA, or Diffie Hellman based key exchange methods. Proposed segment is designed to work with both types of key exchange methods to get public key of the server and encrypted PreMasterSecret.…”

Section: ) Tls Handshake Decode and Certificate Handlementioning

confidence: 99%

“…The client encrypts this generated PMU with the public key of the server and sends to TLS server. [14] In step 5, the server decrypts the encrypted PMU as it hold its private key to obtain original PMS generated at the client side. At the end of this communication, both client and server hold same ingredients like RNs, PMS and public certificate of the server.…”

Section: ) Tls Handshake Decode and Certificate Handlementioning

confidence: 99%

See 2 more Smart Citations

SSL based Webmail Forensic Engine

Manesh¹,

Abdalla²,

Sha³

et al. 2017

ijacsa

View full text Add to dashboard Cite

Abstract-In this era of information technology, email applications are the foremost and extensively used electronic communication technology. Emails are profusely used to exchange data and information using several frontend applications from various service providers by its users. Currently most of the email clients and service providers now moved to secured data communications using SSL or TLS security for their data exchanged. Cyber criminals and terrorists have started by means of this mode for exchanging their malicious information in their transactions. Forensic experts have to face greater difficulty and multiple challenges in tracing crucial forensic information from network packets as the communication is secured. These challenges might affect the digital forensic experts in procuring substantial evidences against such criminals from their working environments. This research work revels working background of SSL based webmail forensic engine, which decrypt respective communication or network session and also reconstruct the actual message contents of webmail applications. This digital forensic engine is compatible to work with in proxy servers and other computing environments and enables forensic reconstruction followed by analysis of webmail clients. Proposed forensic engine employs is a highspeed packet capturing hardware module, a sophisticated packet reformation algorithm; restores email header and messages from encrypted stream of SMTP and POP3 network sessions. Proposed forensic engine also support cyber investigation team with generated forensic report and prosecution of culprits by judiciary system of the specific country.

show abstract

Voice over IP forensic approaches: A review

Al-Saadawi

Varol

2017

2017 5th International Symposium on Digital Forensic and Security (ISDFS)

View full text Add to dashboard Cite

Forensic investigation framework for VoIP protocol

Cited by 3 publications

References 18 publications

Application of Artificial Intelligence to Network Forensics: Survey, Challenges and Future Directions

Application of Artificial Intelligence to Network Forensics: Survey, Challenges and Future Directions

SSL based Webmail Forensic Engine

Voice over IP forensic approaches: A review

Contact Info

Product

Resources

About