Network Forensic Analysis of Secure Instant Messaging Application: A Case Study of Signal Ap

Abstract

Instant Messaging applications (apps) have played a vital role in online interaction, especially during COVID-19 lockdowns. Apps with security provisions are able to provide confidentiality through end-to-end encryption. Ill motivated individuals and groups use these security services to their advantage thereby using the apps for crimes of various nature. During an investigation, the provision of end-to-end encryption in apps increases the complexity for digital forensics investigators. This study aims to provide a network forensic strategy to identify the potential artifacts from encrypted network traffic of a prominent social messenger app Signal on android ver sion 9. The analysis of the installed app has been done over fully encrypted network traffic. By adopting the proposed strategy one can easily detect encrypted traffic of chat, media messages, audio, video calls by looking at the payload patterns. Detailed analysis of the trace files helped to create list of chat servers, IP addresses of involved parties in the events. Analysis of the presented forensic analysis app is applicable to android mobile devices.