VoIP evidence model: A new forensic method for investigating VoIP malicious attacks

Although the invention of Voice over Internet Protocol (VoIP) in communication technology created significant attractive services for its users, it also brings new security threats. Criminals exploit these security threats to perform illegal activities such as VoIP malicious attacks, this will require digital forensic investigators to detect and provide digital evidence. Finding digital evidence in VoIP malicious attacks is the most difficult task, due to its associated features with converged network. In this paper, a Model of investigating VoIP malicious attacks is proposed for forensic analysis. The model formalizes hypotheses through information gathering and adopt a Secure Temporal Logic of Action(S-TLA+) in the process of reconstructing potential attack scenario. Through this processes, investigators can uncover unknown attack scenario executed in the process of attack. Subsequently, it is expected that the findings of this paper will provide clear description of attacks as well as generation of more specified evidences.