M.A.K. Sudozai
Forensics study of IMO call and chat app.
Authors
Sudozai, M.A.K.; Saleem, Shahzad; Buchanan, William J.; Habib, Nisar; Zia, Haleemah
Abstract
Smart phones often leave behind a wealth of information that can be used as evidence during an investigation. There are thus many smart phone applications that employ encryption to store and/or transmit data, and this can add a layer of complexity for an investigator. IMO is a popular application which employs encryption for both call and chat activities. This paper explores important artifacts from both the device and from the network traffic. This was generated for both Android and iOS platforms. The novel aspect of the work is the extensive analysis of encrypted network traffic generated by IMO. Along with this, the paper defines a new method of using a firewall to explore the obscured options of connectivity, in a way which is independent of the protocol used by the IMO client and server. Our results outline that we can correctly detect IMO traffic flows and classify different events of its chat and call related activities. We have also compared IMO network traffic of Android and iOS platforms to report the subtle differences. The results are valid for IMO 9.8.00 on Android and 7.0.55 on iOS.
Citation
Sudozai, M., Saleem, S., Buchanan, W. J., Habib, N., & Zia, H. (2018). Forensics study of IMO call and chat app. Digital Investigation, https://doi.org/10.1016/j.diin.2018.04.006
Field | Value |
---|---|
Journal Article Type | Article |
Acceptance Date | Apr 18, 2018 |
Online Publication Date | Apr 25, 2018 |
Publication Date | Apr 25, 2018 |
Deposit Date | May 11, 2018 |
Journal | Digital Investigation |
Print ISSN | 1742-2876 |
Publisher | Elsevier |
Peer Reviewed | Peer Reviewed |
DOI | https://doi.org/10.1016/j.diin.2018.04.006 |
Keywords | IMO, Encryption, Android, iOS, Network forensic, Device forensic |
Public URL | http://researchrepository.napier.ac.uk/Output/1165125 |
Publisher URL | https://www.sciencedirect.com/science/article/pii/S1742287618300094 |
Contract Date | May 16, 2018 |