Litcius/Paper detail

WhatsApp Network Forensics: Discovering the IP Addresses of Suspects

Waqas Ahmed, Faisal Shahzad, Abdul Rehman Javed, Farkhund Iqbal, Liaqat Ali

202135 citationsDOI

Abstract

Call record analysis is the most critical task for the Law Enforcement Agencies (LEAs) in a cyber-investigation process. It provides valuable information in the investigation, such as time and date and the duration of incoming and outgoing calls. The technological advancement of smartphones and the versatility of Instant Messaging (IM) applications provide multiple communication channels to cybercriminals for communication, making it difficult for the LEAs to monitor/investigate using traditional forensics tools and techniques. The most challenging part is to retrieve specific information from the network traffic of a particular IM Application such as WhatsApp. This research article's primary purpose is to find the IP address of the cybercriminal using WhatsApp through existing sniffing techniques and tools. A method called rule-based extraction for sniffing packets is proposed for extracting the most relevant data from the network traffic. The results support LEAs to identify the cybercriminals' specific traffic and help in analyzing and comparing the mobile phone data with the network traffic.

Topics & Concepts

Computer scienceNetwork forensicsLaw enforcementHoneypotNetwork packetProcess (computing)Task (project management)Computer securityInstant messagingDeep packet inspectionMobile phoneComputer networkDigital forensicsTelecommunicationsManagementOperating systemLawEconomicsPolitical scienceInternet Traffic Analysis and Secure E-votingAdvanced Malware Detection TechniquesUser Authentication and Security Systems