WhatsApp network forensics: Discovering the communication payloads behind cybercriminals

Fuching Tsai, En-Cih Chang, Da-Yu Kao
{"title":"WhatsApp network forensics: Discovering the communication payloads behind cybercriminals","authors":"Fuching Tsai, En-Cih Chang, Da-Yu Kao","doi":"10.23919/ICACT.2018.8323881","DOIUrl":null,"url":null,"abstract":"The ubiquity of instant messaging (IM) apps on smart phones have provided criminals to communicate with channels which are difficult to decode. Investigators and analysts are increasingly experiencing large data sets when conducting cybercrime investigations. Call record analysis is one of the critical criminal investigation strategies for law enforcement agencies (LEAs). The aim of this paper is to investigate cybercriminals through network forensics and sniffing techniques. The main difficulty of retrieving valuable information from specific IM apps is how to recognize the criminal' IP address records on the Interne t. This paper proposes a packet filter framework to WhatsApp communication patterns from huge collections of network packets in order to locate criminal's identity more effectively. A rule extraction method in sniffing packets is proposed to retrieve relevant attributes from high dimensional analysis regarding to geolocation and pivot table. The results can support LEAs in discovering criminal communication payloads, as well as facilitating the effectiveness of modern call record analysis. It will be helpful for LEAs to prosecute cybercriminals and bring them to justice.","PeriodicalId":228625,"journal":{"name":"2018 20th International Conference on Advanced Communication Technology (ICACT)","volume":"7 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2018-02-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"5","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"2018 20th International Conference on Advanced Communication Technology (ICACT)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.23919/ICACT.2018.8323881","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
引用次数: 5

Abstract

The ubiquity of instant messaging (IM) apps on smart phones have provided criminals to communicate with channels which are difficult to decode. Investigators and analysts are increasingly experiencing large data sets when conducting cybercrime investigations. Call record analysis is one of the critical criminal investigation strategies for law enforcement agencies (LEAs). The aim of this paper is to investigate cybercriminals through network forensics and sniffing techniques. The main difficulty of retrieving valuable information from specific IM apps is how to recognize the criminal' IP address records on the Interne t. This paper proposes a packet filter framework to WhatsApp communication patterns from huge collections of network packets in order to locate criminal's identity more effectively. A rule extraction method in sniffing packets is proposed to retrieve relevant attributes from high dimensional analysis regarding to geolocation and pivot table. The results can support LEAs in discovering criminal communication payloads, as well as facilitating the effectiveness of modern call record analysis. It will be helpful for LEAs to prosecute cybercriminals and bring them to justice.
查看原文
分享 分享
微信好友 朋友圈 QQ好友 复制链接
本刊更多论文
WhatsApp网络取证:发现网络罪犯背后的通信负载
智能手机上无处不在的即时通讯(IM)应用程序为犯罪分子提供了难以破译的渠道。调查人员和分析人员在进行网络犯罪调查时,越来越多地遇到大型数据集。通话记录分析是执法机关重要的刑侦策略之一。本文的目的是通过网络取证和嗅探技术来调查网络罪犯。从特定IM应用程序中检索有价值信息的主要困难是如何识别互联网上罪犯的IP地址记录。本文提出了一个包过滤框架,从大量网络数据包中提取WhatsApp通信模式,以更有效地定位罪犯的身份。提出了一种嗅探包规则提取方法,从地理位置和数据透视表的高维分析中提取相关属性。研究结果可以支持情报机构发现犯罪通信有效载荷,并促进现代通话记录分析的有效性。这将有助于LEAs起诉网络罪犯并将他们绳之以法。
本文章由计算机程序翻译,如有差异,请以英文原文为准。
求助全文
约1分钟内获得全文 去求助
来源期刊
自引率
0.00%
发文量
0
期刊最新文献
A cooperative trilateration technique for object localization SvgAI — Training artificial intelligent agent to use SVG editor EEG-signals based cognitive workload detection of vehicle driver using deep learning What are the optimum quasi-identifiers to re-identify medical records? Customized embedded system design for lower limb rehabilitation patients
×
引用
GB/T 7714-2015
复制
MLA
复制
APA
复制
导出至
BibTeX EndNote RefMan NoteFirst NoteExpress
×
×
提示
您的信息不完整,为了账户安全,请先补充。
现在去补充
×
提示
您因"违规操作"
具体请查看互助需知
我知道了
×
提示
现在去查看 取消
×
提示
确定
0
微信
客服QQ
Book学术公众号 扫码关注我们
反馈
×
意见反馈
请填写您的意见或建议
请填写您的手机或邮箱
已复制链接
已复制链接
快去分享给好友吧!
我知道了
×
扫码分享
扫码分享
Book学术官方微信
Book学术文献互助
Book学术文献互助群
群 号:481959085
Book学术
文献互助 智能选刊 最新文献 互助须知 联系我们:info@booksci.cn
Book学术提供免费学术资源搜索服务,方便国内外学者检索中英文文献。致力于提供最便捷和优质的服务体验。
Copyright © 2023 Book学术 All rights reserved.
ghs 京公网安备 11010802042870号 京ICP备2023020795号-1