WhatsApp Network Forensics: Discovering the IP Addresses of Suspects

Document Type

Conference Proceeding

Source of Publication

2021 11th IFIP International Conference on New Technologies, Mobility and Security (NTMS)

Publication Date

4-21-2021

Abstract

Call record analysis is the most critical task for the Law Enforcement Agencies (LEAs) in a cyber-investigation process. It provides valuable information in the investigation, such as time and date and the duration of incoming and outgoing calls. The technological advancement of smartphones and the versatility of Instant Messaging (IM) applications provide multiple communication channels to cybercriminals for communication, making it difficult for the LEAs to monitor/investigate using traditional forensics tools and techniques. The most challenging part is to retrieve specific information from the network traffic of a particular IM Application such as WhatsApp. This research article’s primary purpose is to find the IP address of the cybercriminal using WhatsApp through existing sniffing techniques and tools. A method called rule-based extraction for sniffing packets is proposed for extracting the most relevant data from the network traffic. The results support LEAs to identify the cybercriminals’ specific traffic and help in analyzing and comparing the mobile phone data with the network traffic.

ISBN

978-1-6654-4399-9

ISSN

2157-4960

Publisher

Institute of Electrical and Electronics Engineers (IEEE)

Disciplines

Computer Sciences

Keywords

Freeware, Forensics, Telecommunication traffic, Instant messaging, Tools, Data mining, IP networks

Scopus ID

85107333857

Indexed in Scopus

yes

Open Access

no

Share

COinS