Digital forensic analysis of encrypted database files in instant messaging applications on Windows operating systems: Case study with KakaoTalk, NateOn and QQ messenger

Choi, Jusop; Yu, Jaegwan; Hyun, Sangwon; Kim, Hyoungshick

doi:10.1016/j.diin.2019.01.011

Cited by 22 publications

(16 citation statements)

References 5 publications

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…The extraction of artifacts from Happn apps poses a personal security risk and can also result in privacy violations of various natures. Recently, Choi et al [13] analyzed the locations and file formats of personal data files in (KakaoTalk, NateOn, and QQ) instant messaging applications. They examined the encryption and decryption procedures for internal databases.…”

Section: Literature Reviewmentioning

confidence: 99%

“…Choi et al [13] 1, 11, x 6 of 24 network forensic analysis especially on encrypted network traffic for instant messaging apps. A comparison of existing work can be seen in Table 1.…”

Section: Xmentioning

confidence: 99%

“…In literature, numerous strategies of device forensics based on social media apps have already been proposed and are also useful, and have their merits and demerits [5][6][7][8][9][10][11]. Some of them also investigated encrypted databases and file structures to identify the evidence [12,13]. However, device forensic strategies cannot be fully utilized in the case of end-to-end encryption on the user's or the app's data [5,7,10,11,[13][14][15].…”

Section: Introductionmentioning

confidence: 99%

“…Some of them also investigated encrypted databases and file structures to identify the evidence [12,13]. However, device forensic strategies cannot be fully utilized in the case of end-to-end encryption on the user's or the app's data [5,7,10,11,[13][14][15]. It was also observed during the literature review phase that IM applications are extensively analyzed but limited to the device's internal structure of databases.…”

Section: Introductionmentioning

confidence: 99%

See 3 more Smart Citations

Encrypted Network Traffic Analysis of Secure Instant Messaging Application: A Case Study of Signal Messenger App

et al. 2021

View full text Add to dashboard Cite

Instant messaging applications (apps) have played a vital role in online interaction, especially under COVID-19 lockdown protocols. Apps with security provisions are able to provide confidentiality through end-to-end encryption. Ill-intentioned individuals and groups use these security services to their advantage by using the apps for criminal, illicit, or fraudulent activities. During an investigation, the provision of end-to-end encryption in apps increases the complexity for digital forensics investigators. This study aims to provide a network forensic strategy to identify the potential artifacts from the encrypted network traffic of the prominent social messenger app Signal (on Android version 9). The analysis of the installed app was conducted over fully encrypted network traffic. By adopting the proposed strategy, the forensic investigator can easily detect encrypted traffic activities such as chatting, media messages, audio, and video calls by looking at the payload patterns. Furthermore, a detailed analysis of the trace files can help to create a list of chat servers and IP addresses of involved parties in the events. As a result, the proposed strategy significantly facilitates extraction of the app’s behavior from encrypted network traffic which can then be used as supportive evidence for forensic investigation.

show abstract

Section: Literature Reviewmentioning

confidence: 99%

“…Choi et al [13] 1, 11, x 6 of 24 network forensic analysis especially on encrypted network traffic for instant messaging apps. A comparison of existing work can be seen in Table 1.…”

Section: Xmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

See 2 more Smart Citations

Encrypted Network Traffic Analysis of Secure Instant Messaging Application: A Case Study of Signal Messenger App

et al. 2021

View full text Add to dashboard Cite

show abstract

“…Banyaknya kejahatan siber yang terjadi pada aplikasi instant messaging menunjukkan aplikasi tersebut memiliki kerentanan (vulnerability) dari segi keamanannya [7]. Pesan chat pengguna yang dapat diakuisisi oleh pelaku cybercrime merupakan salah satu contoh vulnerability pada artefak digital aplikasi instant messaging itu sendiri [8] [9]. Hal ini tentunya menjadi kekhawatiran tersendiri bagi para pengguna aplikasi instant messaging khususnya yang berbasis web, karena dari aplikasi tersebut pelaku cybercrime dapat dengan mudah mengakuisisi artefak digital milik korban tanpa perlu menggunakan smartphone korban [10].…”

Section: Pendahuluanunclassified

Comparative Security Analysis of Web-Based Instant Messaging Applications

Riadi¹,

Umar²,

Aziz³

2020

RESTI

View full text Add to dashboard Cite

Web-based instant messaging applications vulnerability has become one of the main concerns for its users in line with the increasing number of cybercrimes that occur on social media. This research was conducted to determine the comparability of the vulnerability value of the web-based WhatsApp, Telegram, and Skype applications using the Association of Chief Police Officers (ACPO) method. Digital artifacts in the form of text messages, picture messages, video messages, telephone numbers, and user IDs have been acquired in this research process using FTK imager and OSForensic tools. The results of the study using the FTK imager and OSForensic tools show that the web-based Skype application has a vulnerability value of 92%, while WhatsApp and Web-based Telegram have the same vulnerability value with 67% each based on all digital artifacts that successfully acquired.

show abstract

A framework for digital forensics of encrypted real-time network traffic, instant messaging, and VoIP application case study

Sarhan

Youness

Bahaa-Eldin

2023

Ain Shams Engineering Journal

View full text Add to dashboard Cite

Digital forensic analysis of encrypted database files in instant messaging applications on Windows operating systems: Case study with KakaoTalk, NateOn and QQ messenger

Cited by 22 publications

References 5 publications

Encrypted Network Traffic Analysis of Secure Instant Messaging Application: A Case Study of Signal Messenger App

Encrypted Network Traffic Analysis of Secure Instant Messaging Application: A Case Study of Signal Messenger App

Comparative Security Analysis of Web-Based Instant Messaging Applications

A framework for digital forensics of encrypted real-time network traffic, instant messaging, and VoIP application case study

Contact Info

Product

Resources

About