Authors: Alejandro Villegas, Cihan Varol

Abstract:

Voice over Internet Protocol (VoIP) products is an emerging technology that can contain forensically important information for a criminal activity. Without having the user name and passwords, this forensically important information can still be gathered by the investigators. Although there are a few VoIP forensic investigative applications available in the literature, most of them are particularly designed to collect evidence from the Skype product. Therefore, in order to assist law enforcement with collecting forensically important information from variety of Betamax VoIP tools, CVOIP-FRU framework is developed. CVOIP-FRU provides a data gathering solution that retrieves usernames, contact lists, as well as call and SMS logs from Betamax VoIP products. It is a scripting utility that searches for data within the registry, logs and the user roaming profiles in Windows and Mac OSX operating systems. Subsequently, it parses the output into readable text and html formats. One superior way of CVOIP-FRU compared to the other applications that due to intelligent data filtering capabilities and cross platform scripting back end of CVOIP-FRU, it is expandable to include other VoIP solutions as well. Overall, this paper reveals the exploratory analysis performed in order to find the key data paths and locations, the development stages of the framework, and the empirical testing and quality assurance of CVOIP-FRU.

Keywords: Betamax, digital forensics, report utility, VoIP, VoIP Buster, VoIPWise.

Digital Object Identifier (DOI): doi.org/10.5281/zenodo.1091146

Procedia APA BibTeX Chicago EndNote Harvard JSON MLA RIS XML ISO 690 PDF Downloads 3079

References:

[1] In-Stat. "VoIP Penetration Forecast to Reach 79% of U.S. Businesses by 2012”, Scottsdale, Arizona. http://www.instat.com/newmk.asp?ID=2721
[2] J.C., Pelaez,. "Using Misuse Patterns for VoIP Steganalysis", 20th International Workshop on Database and Expert Systems Application, pp. 160-164, August 31- September 4, 2009.
[3] J.C. Pelaez, E.B. Fernandez. "VoIP Network Forensic Patterns", Fourth International Multi-Conference on Computing in the Global Information Technology, pp. 175-180, August 23-39, 2009
[4] Computing Now. "Researchers Demonstrate that Eavesdropping on Encrypted VoIP is Possible”, http://www.computer.org/portal/web/news/home/-/blogs/researchers-demonstrate-that-eavesdropping-on-encrypted-voip-is-possible;jsessionid=f9d2ca28b6bd88d3649426247ce1?_33_redirect=%2Fportal%2Fweb%2Fnews%2Fhome%2F-%2Fblogs%2F
[5] J. Kahn. "Mumbai Terrorists Relied on New Technology for Attacks”, New York Times. http://www.nytimes.com/2008/12/09/world/asia/ 09mumbai.html
[6] Betamax. http://www.betamax.com/about.php
[7] W.A. Aziz, S.H. Elramly, and M.M. Ibrahim. "VoIP Quality Optimization in IP-Multimedia Subsystem (IMS)", Second International Conference on Computational Intelligence, Modelling and Simulation, pp. 546-552, September 28-30, 2010.
[8] T. Yang, K. Zheng, and Y. Yang. "A Novel VoIP Flooding Detection Method Basing on Call Duration", 2010 First International Conference on Pervasive Computing, Signal Processing and Applications, pp. 1158-1162, September 17-19, 2010.
[9] K. Ting, F. Kuo, B. Hwang, H.C. Wang, and C. Tseng. "A Power-Saving and Robust Point Coordination Function for the Transmission of VoIP over 802.11", International Symposium on Parallel and Distributed Processing with Applications, pp. 283-289, September 6-9, 2010.
[10] M. Naeem, V. Namboodiri, and R. Pendse, R. "Energy implication of various VoIP codecs in portable devices", 2010 IEEE 35th Conference on Local Computer Networks, pp. 196-199, October 10-24, 2010.
[11] T. Zourzouvillys, E. Rescorla. "An Introduction to Standards-Based VoIP: SIP, RTP, and Friends," IEEE Internet Computing, pp. 69-73, 2010.
[12] A.D. Keromytis. "Voice-over-IP Security: Research and Practice", IEEE Security and Privacy, pp. 76-78, 2010.
[13] S. Phithakkitnukoon, R. Dantu, and E. Baatarjav, E. "VoIP Security - Attacks and Solutions", Information Security Journal: A Global Perspective. Volume 17, no. 3: 114-123. 2008
[14] C. Leung Y. Chan. "Network Forensic on Encrypted Peer-to-Peer VoIP Traffics and the Detection, Blocking, and Prioritization of Skype Traffics", 16th IEEE International Workshops on Enabling Technologies: Infrastructure for Collaborative Enterprises (WETICE 2007), pp. 401-408, June 18-20, 2007
[15] R.C. Dodge. "Skype Fingerprint", 41st Annual Hawaii International Conference on System Sciences (HICSS 2008), pp. 485, January 07-10, 2008.
[16] Ethical Hacker. http://www.ethicalhacker.net/content/view/127/24/
[17] Ghacks. http://www.ghacks.net/2008/11/22/skype-log-view/
[18] M. Simon, J. Slay. "Recovery of Skype Application Activity Data from Physical Memory", 2010 International Conference on Availability, Reliability and Security, pp. 283-288, February 15-18, 2010
[19] H. Tienan M. Xiantu and L. Mingjie. "A New Dynamic Self-adaptive Diffluence Algorithm for VoIP Gateway of Intelligrid", Third International Conference on Measuring Technology and Mechatronics Automation, pp. 147-149, January 6-7, 2011
[20] W. Chen, T. Wu. "IPv6 VoIP Deployment on Taiwan Academic Network (TANet)", 2011 IEEE Workshops of International Conference on Advanced Information Networking and Applications, pp. 795-799, March 22-25, 2011
[21] I. Lin, Y. Yen, B. Wu, and H. Wang. "VoIP Digital Evidence Forensics Standard Operating Procedure (DEFSOP)", International Conference on Broadband, Wireless Computing, Communication and Applications, pp. 407-412, November 4-6, 2010.
[22] A. Orebaugh, G. Ramirez, J. Beale, and J. Wright. "Wireshark & Ethereal Network Protocol Analyzer Toolkit”, Publisher: Syngress, 448 Pages, ISBN: 1597490733, 2007.
[23] C. Varol, J. Talburt. "Pattern and Phonetic Based Street Name Misspelling Correction”, 8th International Conference on Information Technology: New Generations (ITNG 2011), pp. 553-558. April 11-13, 2011, Las Vegas, Nevada, USA
[24] H. Qizhi, C. Qi, Y. Kai, and Y. Zhuping. "Design for New Kind of Low Rate Speech Codec in VoIP", International Conference on Intelligent System Design and Engineering Application, pp. 548-551, October 13-14, 2010