A framework for digital forensics of encrypted real-time network traffic, instant messaging, and VoIP application case study.

Bibliographic Details
Title: A framework for digital forensics of encrypted real-time network traffic, instant messaging, and VoIP application case study.
Authors: Abd Elmonsef Sarhan, Soliman (Soliman.sarhan90@gmail.com); Youness, Hassan A. (hassan_youness@mu.edu.eg); Bahaa-Eldin, Ayman M. (ayman.bahaa@eng.asu.eg)
Source: Ain Shams Engineering Journal, Sep 2023, Vol. 14, Issue 9 (page numbers not given in this record; 1 p.)
Subjects: Computer network traffic, Digital forensics, Instant messaging, Forensic sciences, Internet content, Instant messaging software, Internet traffic
Abstract: Digital forensics is one of the prime professional fields for law enforcement forces. It is also a major active research topic in the cybersecurity field. Internet traffic and content analysis are leading tasks within this research area. Most of the internet traffic is now encrypted, making the traditional analysis of contents impossible. In this paper, we propose a novel framework and methodology to extract a valuable set of information from encrypted traffic of Instant Messaging and Voice over IP applications. The presented framework enables analysts to detect, classify and analyze encrypted traffic (typing, chatting, media transmission of audio and video calls, etc.). The provided framework was tested by taking over 30 trace files of these activities and looking at some specific payload patterns. The proposed methodology's results enable investigators to detect and extract application user behavior that can be used as evidence for a forensics investigation. Also, it shows that a valuable set of information can be extracted from encrypted WhatsApp and Telegram traffic. [ABSTRACT FROM AUTHOR]
Copyright of Ain Shams Engineering Journal is the property of Elsevier B.V. and its content may not be copied or emailed to multiple sites without the copyright holder's express written permission. Additionally, content may not be used with any artificial intelligence tools or machine learning technologies. However, users may print, download, or email articles for individual use. This abstract may be abridged. No warranty is given about the accuracy of the copy. Users should refer to the original published version of the material for the full abstract. (Copyright applies to all Abstracts.)
Database: Engineering Source
ISSN: 2090-4479
DOI: 10.1016/j.asej.2022.102069