Forensics Acquisition and Analysis of Instant Messaging and VoIP Applications

  • Conference paper

Part of the book series: Lecture Notes in Computer Science (LNIP, volume 8915)

Abstract

The advent of the Internet has significantly transformed the daily activities of millions of people, including the way they communicate: Instant Messaging (IM) and Voice over IP (VoIP) communications have become prevalent. Although IM applications are now ubiquitous communication tools, research on evidence collection from IM services has been observed to be limited. The reason is that an IM can serve as a very useful yet very dangerous platform for the victim and the suspect to communicate. Indeed, the increased use of instant messengers on smartphones has turned out to be a goldmine for mobile and computer forensic experts. Traces and evidence left by applications can be held on smartphones, and retrieving this potential evidence with the right forensic technique is strongly required. Recently, most research on IM forensics focuses on applications such as WhatsApp, Viber and Skype. However, the literature contains very few forensic analyses and comparisons of IM applications such as WhatsApp, Viber, Skype and Tango on both iOS and Android platforms, even though the total number of users of these applications has already exceeded 1 billion. Therefore, in this paper we present the forensic acquisition and analysis of these four IM and VoIP applications on both iOS and Android platforms. We try to answer how evidence can be collected when IM communications are used. We also define a taxonomy of target artefacts in order to guide and structure the subsequent forensic analysis. Finally, a review of the information that can become available via the IM vendor was conducted. The results of this research provide detailed answers on the types of artefacts that can be identified for these IM and VoIP applications. Moreover, we compare the forensic analysis of these popular applications: WhatsApp, Skype, Viber and Tango.



Author information

Corresponding author

Correspondence to Nhien-An Le-Khac.

Copyright information

© 2015 Springer International Publishing Switzerland

About this paper

Cite this paper

Sgaras, C., Kechadi, MT., Le-Khac, NA. (2015). Forensics Acquisition and Analysis of Instant Messaging and VoIP Applications. In: Garain, U., Shafait, F. (eds) Computational Forensics. IWCF 2012, IWCF 2014. Lecture Notes in Computer Science, vol 8915. Springer, Cham. https://doi.org/10.1007/978-3-319-20125-2_16

  • DOI: https://doi.org/10.1007/978-3-319-20125-2_16

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-20124-5

  • Online ISBN: 978-3-319-20125-2

  • eBook Packages: Computer Science, Computer Science (R0)
