Publication result detail

WhatsApp network forensics: Decrypting and understanding the WhatsApp call signaling messages

KARPÍŠEK, F.; BAGGILI, I.; BREITINGER, F.

Original Title

WhatsApp network forensics: Decrypting and understanding the WhatsApp call signaling messages

English Title

WhatsApp network forensics: Decrypting and understanding the WhatsApp call signaling messages

Type

WoS Article

Original Abstract

WhatsApp is a widely adopted mobile messaging application with over 800 million users. Recently, a calling feature was
added to the application and no comprehensive digital forensic analysis has been performed with regards to this feature
at the time of writing this paper. In this work, we describe how we were able to decrypt the network trac and obtain
forensic artifacts that relate to this new calling feature which included the: a) WhatsApp phone numbers, b) Whats-
App server IPs, c) WhatsApp audio codec (Opus), d) WhatsApp call duration, and e) WhatsApp's call termination.
We explain the methods and tools used to decrypt the trac as well as thoroughly elaborate on our ndings with
respect to the WhatsApp signaling messages. Furthermore, we also provide the community with a tool that helps in the
visualization of the WhatsApp protocol messages.

English abstract

WhatsApp is a widely adopted mobile messaging application with over 800 million users. Recently, a calling feature was
added to the application and no comprehensive digital forensic analysis has been performed with regards to this feature
at the time of writing this paper. In this work, we describe how we were able to decrypt the network trac and obtain
forensic artifacts that relate to this new calling feature which included the: a) WhatsApp phone numbers, b) Whats-
App server IPs, c) WhatsApp audio codec (Opus), d) WhatsApp call duration, and e) WhatsApp's call termination.
We explain the methods and tools used to decrypt the trac as well as thoroughly elaborate on our ndings with
respect to the WhatsApp signaling messages. Furthermore, we also provide the community with a tool that helps in the
visualization of the WhatsApp protocol messages.

Keywords

WhatsApp, reverse engineering, proprietary protocol, signaling protocols, network forensics, decryption, mobile forensics, digital forensics, cyber security, audio encoding

Key words in English

WhatsApp, reverse engineering, proprietary protocol, signaling protocols, network forensics, decryption, mobile forensics, digital forensics, cyber security, audio encoding

Authors

KARPÍŠEK, F.; BAGGILI, I.; BREITINGER, F.

RIV year

2016

Released

19.09.2015

ISBN

1742-2876

Periodical

Digital Investigation

Volume

2015

Number

15

State

Kingdom of the Netherlands

Pages from

110

Pages to

118

Pages count

11

URL

https://www.fit.vut.cz/research/publication/10979/

BibTex

@article{BUT119912,
  author="Filip {Karpíšek} and Ibrahim {Baggili} and Frank {Breitinger}",
  title="WhatsApp network forensics: Decrypting and understanding the WhatsApp call signaling messages",
  journal="Digital Investigation",
  year="2015",
  volume="2015",
  number="15",
  pages="110--118",
  doi="10.1016/j.diin.2015.09.002",
  issn="1742-2876",
  url="https://www.fit.vut.cz/research/publication/10979/"
}

Documents

WhatsApp