On the other hand, network forensics is a type of forensic analysis where the reconstruction of events is performed after an incident or cybercrime. As a result, the proposed strategy significantly facilitates extraction of the app’s behavior from encrypted network traffic which can then be used as supportive evidence for forensic investigation. Furthermore, a detailed analysis of the trace files can help to create a list of chat servers and IP addresses of involved parties in the events.
By adopting the proposed strategy, the forensic investigator can easily detect encrypted traffic activities such as chatting, media messages, audio, and video calls by looking at the payload patterns. The analysis of the installed app was conducted over fully encrypted network traffic. This study aims to provide a network forensic strategy to identify the potential artifacts from the encrypted network traffic of the prominent social messenger app Signal (on Android version 9). During an investigation, the provision of end-to-end encryption in apps increases the complexity for digital forensics investigators. Ill-intentioned individuals and groups use these security services to their advantage by using the apps for criminal, illicit, or fraudulent activities.
Apps with security provisions are able to provide confidentiality through end-to-end encryption. Instant messaging applications (apps) have played a vital role in online interaction, especially under COVID-19 lockdown protocols.
0 kommentar(er)
