VoIP Network Forensics of Instant Messaging Calls

Digital forensics is a prime professional field for law enforcement organizations. This is a major active research topic in the field of cybersecurity. Although traffic and content analysis are leading tasks in this field, most Internet traffic is now encrypted, rendering traditional content analysis impossible. Instant messaging (IM) applications have become increasingly popular for communication between individuals and groups. However, IM conversations can be used for illicit activities such as planning criminal activities or exchanging sensitive information. In such cases, law enforcement agencies may need to perform VoIP forensics to identify suspects involved in the conversations. This study proposes a network forensic approach (NFA) for correlating IM calls to identify suspects' IP addresses. This approach involves capturing and analyzing IM call data, correlating the data with other network traffic, and using the correlation to identify suspects' IP addresses. The proposed approach was tested on real-world IM call data and yielded promising results. The network forensics approach for VoIP is superior to other approaches that require physical access to end-user devices, making NFA suitable for early crime detection and in situations where the devices may have been destroyed or burnt. The proposed method achieved a success rate of 92.5% for identifying voice IM calls and providing information about the participants involved in the calls.