Document Type

Article

Publication Date

10-10-2015

Subject: LCSH

Cyber forensics, Computer forensics, Mobile device forensics

Disciplines

Computer Engineering | Computer Sciences | Electrical and Computer Engineering | Forensic Science and Technology | Information Security

Abstract

WhatsApp is a widely adopted mobile messaging application with over 800 million users. Recently, a calling feature was added to the application and no comprehensive digital forensic analysis has been performed with regards to this feature at the time of writing this paper. In this work, we describe how we were able to decrypt the network traffic and obtain forensic artifacts that relate to this new calling feature which included the: a) WhatsApp phone numbers, b) WhatsApp server IPs, c) WhatsApp audio codec (Opus), d) WhatsApp call duration, and e) WhatsApp's call termination. We explain the methods and tools used to decrypt the traffic as well as thoroughly elaborate on our findings with respect to the WhatsApp signaling messages. Furthermore, we also provide the community with a tool that helps in the visualization of the WhatsApp protocol messages.

Comments

Dr. Ibrahim Baggili was appointed to the University of New Haven's Elder Family Endowed Chair in 2015.

This is the peer reviewed version of the following article:F. Karpisek, I. Baggili, F. Breitinger, WhatsApp network forensics: Decrypting and understanding the WhatsApp call signaling messages, Digital Investigation, Dec. 2015, Vol. 15, pp. 110-118, which is published in final form at http://dx.doi.org/10.1016/j.diin.2015.09.002. This article may be used for non-commercial purposes in accordance with the CC/BY/NC/ND license.

DOI

10.1016/j.diin.2015.09.002

Publisher Citation

F. Karpisek, I. Baggili, F. Breitinger, WhatsApp network forensics: Decrypting and understanding the WhatsApp call signaling messages, Digital Investigation, Available online 10 October 2015, ISSN 1742-2876, http://dx.doi.org/10.1016/j.diin.2015.09.002.

Download

Check your library

Share

COinS