With today’s world revolving around online interaction, dating applications (apps) are a prime example of how people are able to discover and converse with others that may share similar interests or lifestyles. To connect the users, geolocation is often utilized. However, with each new app comes the possibility of poor security.

Instant messaging (IM) has been around for decades now. Over the last few decades IM has become more and more popular with varied protocols, both open source and closed source. One of the new recent open source ones is the Matrix protocol, with the first stable version released in 2019, and the IM application based on this protocol is "Riot.im". In recent years many organizations started using the Matrix protocol to set up and manage their own IM platforms. In addition, the number of users who are using the public Matrix protocol-based servers is also increasing. However, because the Matrix protocol and the Riot.im application are very new, there is a knowledge gap when it comes to investigators in relation to the forensic acquisition and analysis of the Riot.im application and the Matrix protocol. Yet, there is very little research in the literature on Matrix protocol forensics. The goal of this paper is to fill this gap by presenting a forensic approach to analyze forensic artifacts of Riot.im and the Matrix protocol.

In the quest for a panacea to ensure digital privacy, many users have switched to using decentralized open-source Extensible Messaging and Presence Protocol (XMPP) multi-client instant messaging (IM) apps for secure end-to-end communication. In this paper, we present a forensic analysis of the artefacts generated on Android smartphones by the Conversations and Xabber apps. We identified databases maintained by each app and external Secure Digital (SD) card directories that store local copies of user metadata. We analysed each app’s storage locations for forensic artefacts and how they can be used in a forensic investigation. The results in this paper show a detailed analysis of forensic files of interest which can be correlated to identify the local user’s multiple IM accounts and contact list, contents of messages exchanged with contacts, deleted files, time, and dates in the order of their occurrence. The contributions of this research include a comprehensive description of artefacts, which are of forensic interest, for each app analysed.

Instant messaging applications (apps) have played a vital role in online interaction, especially under COVID-19 lockdown protocols. Apps with security provisions are able to provide confidentiality through end-to-end encryption. Ill-intentioned individuals and groups use these security services to their advantage by using the apps for criminal, illicit, or fraudulent activities. During an investigation, the provision of end-to-end encryption in apps increases the complexity for digital forensics investigators. This study aims to provide a network forensic strategy to identify the potential artifacts from the encrypted network traffic of the prominent social messenger app Signal (on Android version 9). The analysis of the installed app was conducted over fully encrypted network traffic. By adopting the proposed strategy, the forensic investigator can easily detect encrypted traffic activities such as chatting, media messages, audio, and video calls by looking at the payload patterns. Furthermore, a detailed analysis of the trace files can help to create a list of chat servers and IP addresses of involved parties in the events. As a result, the proposed strategy significantly facilitates extraction of the app’s behavior from encrypted network traffic, which can then be used as supportive evidence for forensic investigation.

Smart phones often leave behind a wealth of information that can be used as evidence during an investigation. There are thus many smart phone applications that employ encryption to store and/or transmit data, and this can add a layer of complexity for an investigator. IMO is a popular application which employs encryption for both call and chat activities. This paper explores important artifacts from both the device and from the network traffic. This was generated for both Android and iOS platforms. The novel aspect of the work is the extensive analysis of encrypted network traffic generated by IMO. Along with this, the paper defines a new method of using a firewall to explore the obscured options of connectivity, in a way which is independent of the protocol used by the IMO client and server. Our results outline that we can correctly detect IMO traffic flows and classify different events of its chat and call related activities. We have also compared IMO network traffic of Android and iOS platforms to report the subtle differences. The results are valid for IMO 9.8.00 on Android and 7.0.55 on iOS.