Abstract
The advent of the Internet has significantly transformed the daily activities of millions of people, including the way they communicate: Instant Messaging (IM) and Voice over IP (VoIP) communications have become prevalent. Although IM applications are now ubiquitous communication tools, relevant research on evidence collection from IM services has been limited. The reason is that an IM can serve as a very useful yet very dangerous platform for the victim and the suspect to communicate. Indeed, the increased use of instant messengers on smartphones has turned out to be a goldmine for mobile and computer forensic experts. Traces and evidence left by applications can be held on smartphones, and retrieving this potential evidence with the right forensic technique is strongly required. Recently, most research on IM forensics has focused on applications such as WhatsApp, Viber and Skype. However, in the literature there are very few forensic analyses and comparisons of IM applications such as WhatsApp, Viber, Skype and Tango on both iOS and Android platforms, even though the total users of this application already exceeded 1 billion. Therefore, in this paper we present the forensic acquisition and analysis of these four IM and VoIP applications on both iOS and Android platforms. We try to answer how evidence can be collected when IM communications are used. We also define a taxonomy of target artefacts in order to guide and structure the subsequent forensic analysis. Finally, a review of the information that can become available via the IM vendor was conducted. The results of this research provide detailed answers on the types of artifacts that can be identified for these IM and VoIP applications. Moreover, we compare the forensic analysis of these popular applications: WhatsApp, Skype, Viber and Tango.
Copyright information
© 2015 Springer International Publishing Switzerland
About this paper
Cite this paper
Sgaras, C., Kechadi, MT., Le-Khac, NA. (2015). Forensics Acquisition and Analysis of Instant Messaging and VoIP Applications. In: Garain, U., Shafait, F. (eds) Computational Forensics. IWCF IWCF 2012 2014. Lecture Notes in Computer Science, vol 8915. Springer, Cham. https://doi.org/10.1007/978-3-319-20125-2_16
DOI: https://doi.org/10.1007/978-3-319-20125-2_16
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-20124-5
Online ISBN: 978-3-319-20125-2
eBook Packages: Computer Science, Computer Science (R0)