Článek v časopise

KARPÍŠEK Filip, BAGGILI Ibrahim a BREITINGER Frank. WhatsApp network forensics: Decrypting and understanding the WhatsApp call signaling messages. Digital Investigation. 2015, roč. 2015, č. 15, s. 110-118. ISSN 1742-2876.
Jazyk publikace:angličtina
Název publikace:WhatsApp network forensics: Decrypting and understanding the WhatsApp call signaling messages
Název (cs):Forenzní analýza WhatsApp: dešifrování a význam signálních zpráv
Strany:110-118
Místo vydání:US
Rok:2015
Časopis:Digital Investigation, roč. 2015, č. 15, US
ISSN:1742-2876
DOI:10.1016/j.diin.2015.09.002
Soubory: 
+Typ Jméno Název Vel. Poslední změna
iconWhatsApp.pdf1,58 MB2015-10-13 07:32:42
^ Vybrat vše
S vybranými:
Klíčová slova
WhatsApp, reverse engineering, proprietary protocol, signaling protocols, network forensics, decryption, mobile forensics, digital forensics, cyber security, audio encoding
Anotace
WhatsApp is a widely adopted mobile messaging application with over 800 million users. Recently, a calling feature was
added to the application and no comprehensive digital forensic analysis has been performed with regards to this feature
at the time of writing this paper. In this work, we describe how we were able to decrypt the network trac and obtain
forensic artifacts that relate to this new calling feature which included the: a) WhatsApp phone numbers, b) Whats-
App server IPs, c) WhatsApp audio codec (Opus), d) WhatsApp call duration, and e) WhatsApp's call termination.
We explain the methods and tools used to decrypt the trac as well as thoroughly elaborate on our ndings with
respect to the WhatsApp signaling messages. Furthermore, we also provide the community with a tool that helps in the
visualization of the WhatsApp protocol messages.č
BibTeX:
@ARTICLE{
   author = {Filip Karp{\'{i}}{\v{s}}ek and Ibrahim Baggili and
	Frank Breitinger},
   title = {WhatsApp network forensics: Decrypting and
	understanding the WhatsApp call signaling messages},
   pages = {110--118},
   journal = {Digital Investigation},
   volume = 2015,
 number = 15,
   year = 2015,
   ISSN = {1742-2876},
   doi = {10.1016/j.diin.2015.09.002},
   language = {english},
   url = {http://www.fit.vutbr.cz/research/view_pub.php.cs?id=10979}
}

Vaše IPv4 adresa: 3.227.233.6
Přepnout na https