Abstract:
Instant messaging applications (apps) have played a vital role in online interaction, especially during COVID-19 lockdowns. Apps with security provisions are able to provide confidentiality through end-to-end encryption. Ill-motivated individuals and groups use these security services to their advantage, using the apps for crimes of various kinds. During an investigation, end-to-end encryption in apps increases the complexity for digital forensics investigators. This study aims to provide a network forensic strategy to identify potential artifacts from the encrypted network traffic of a prominent social messenger app, Signal, on Android version 9. The analysis of the installed app has been done over fully encrypted network traffic. By adopting the proposed strategy, one can easily detect the encrypted traffic of chat, media messages, and audio and video calls by looking at the payload patterns. Detailed analysis of the trace files helped to create a list of chat servers and the IP addresses of the parties involved in the events. The presented forensic analysis of the app is applicable to Android mobile devices.