WhatsApp network forensics: Decrypting and understanding the WhatsApp call signaling messages

Kód výsledku v IS VaVaI

<a href="https://www.isvavai.cz/riv?ss=detail&h=RIV%2F00216305%3A26230%2F15%3APU117055" target="_blank" >RIV/00216305:26230/15:PU117055 - isvavai.cz</a>

Výsledek na webu

<a href="http://www.fit.vutbr.cz/research/pubs/all.php?id=10979" target="_blank" >http://www.fit.vutbr.cz/research/pubs/all.php?id=10979</a>

DOI - Digital Object Identifier

<a href="http://dx.doi.org/10.1016/j.diin.2015.09.002" target="_blank" >10.1016/j.diin.2015.09.002</a>

Jazyk výsledku

angličtina

Název v původním jazyce

WhatsApp network forensics: Decrypting and understanding the WhatsApp call signaling messages

Popis výsledku v původním jazyce

WhatsApp is a widely adopted mobile messaging application with over 800 million users. Recently, a calling feature was added to the application and no comprehensive digital forensic analysis has been performed with regards to this feature at the time of writing this paper. In this work, we describe how we were able to decrypt the network trac and obtain forensic artifacts that relate to this new calling feature which included the: a) WhatsApp phone numbers, b) Whats- App server IPs, c) WhatsApp audio codec (Opus), d) WhatsApp call duration, and e) WhatsApp's call termination. We explain the methods and tools used to decrypt the trac as well as thoroughly elaborate on our ndings with respect to the WhatsApp signaling messages. Furthermore, we also provide the community with a tool that helps in the visualization of the WhatsApp protocol messages.

Název v anglickém jazyce

WhatsApp network forensics: Decrypting and understanding the WhatsApp call signaling messages

Popis výsledku anglicky

WhatsApp is a widely adopted mobile messaging application with over 800 million users. Recently, a calling feature was added to the application and no comprehensive digital forensic analysis has been performed with regards to this feature at the time of writing this paper. In this work, we describe how we were able to decrypt the network trac and obtain forensic artifacts that relate to this new calling feature which included the: a) WhatsApp phone numbers, b) Whats- App server IPs, c) WhatsApp audio codec (Opus), d) WhatsApp call duration, and e) WhatsApp's call termination. We explain the methods and tools used to decrypt the trac as well as thoroughly elaborate on our ndings with respect to the WhatsApp signaling messages. Furthermore, we also provide the community with a tool that helps in the visualization of the WhatsApp protocol messages.

Druh

J_imp - Článek v periodiku v databázi Web of Science

CEP obor

—

OECD FORD obor

10201 - Computer sciences, information science, bioinformathics (hardware development to be 2.2, social aspect to be 5.8)

Projekt

—

Návaznosti

S - Specificky vyzkum na vysokych skolach

Rok uplatnění

2015

Kód důvěrnosti údajů

S - Úplné a pravdivé údaje o projektu nepodléhají ochraně podle zvláštních právních předpisů

Název periodika

Digital Investigation

ISSN

1742-2876

e-ISSN

1873-202X

Svazek periodika

2015

Číslo periodika v rámci svazku

15

Stát vydavatele periodika

NL - Nizozemsko

Počet stran výsledku

11

Strana od-do

110-118

Kód UT WoS článku

000366160500011

EID výsledku v databázi Scopus

2-s2.0-84944128455