• DocumentCode
    2488715
  • Title

    Digital forensics in VoIP networks

  • Author

    Francois, Jérôme ; State, Radu ; Engel, Thomas ; Festor, Olivier

  • Author_Institution
    Interdiscipl. Center for Security, Reliability & Trust, Univ. of Luxembourg, Luxembourg, Luxembourg
  • fYear
    2010
  • fDate
    12-15 Dec. 2010
  • Firstpage
    1
  • Lastpage
    6
  • Abstract
    With VoIP being deployed on a large scale, forensic analysis of captured VoIP traffic is of major practical interest. In this paper, we present a new fingerprinting approach that identifies the types of devices (name, version, brand, series) in captured VoIP traffic. We focus only on the signaling plane and discard voice-related data. Although we consider only one signaling protocol for the illustration, our tool relies on structural information trees and can easily be adapted to any protocol that has a known syntax. We have integrated our tool within the well-known tshark application in order to provide easy-to-use support for forensic analysts.
  • Keywords
    Internet telephony; computer forensics; computer network security; fingerprint identification; signalling protocols; telecommunication traffic; VoIP network; VoIP traffic; digital forensic; fingerprinting; signaling protocol; structural information tree; tshark application; Accuracy; Forensics; Grammar; Protocols; Sensitivity; Syntactics; Training;
  • fLanguage
    English
  • Publisher
    IEEE
  • Conference_Titel
    Information Forensics and Security (WIFS), 2010 IEEE International Workshop on
  • Conference_Location
    Seattle, WA
  • Print_ISBN
    978-1-4244-9078-3
  • Type

    conf

  • DOI
    10.1109/WIFS.2010.5711450
  • Filename
    5711450