Research Output
Forensics study of IMO call and chat app.
  Smart phones often leave behind a wealth of information that can be used as an evidence during an investigation. There are thus many smart phone applications that employ encryption to store and/or transmit data, and this can add a layer of complexity for an investigator. IMO is a popular application which employs encryption for both call and chat activities. This paper explores important artifacts from both the device and from the network traffic. This was generated for both Android and iOS platforms. The novel aspect of the work is the extensive analysis of encrypted network traffic generated by IMO. Along with this the paper defines a new method of using a firewall to explore the obscured options of connectivity, and in a way which is independent of the protocol used by the IMO client and server. Our results outline that we can correctly detect IMO traffic flows and classify different events of its chat and call related activities. We have also compared IMO network traffic of Android and iOS platforms to report the subtle differences. The results are valid for IMO 9.8.00 on Android and 7.0.55 on iOS.

  • Type:

    Article

  • Date:

    25 April 2018

  • Publication Status:

    Published

  • Publisher

    Elsevier BV

  • DOI:

    10.1016/j.diin.2018.04.006

  • Cross Ref:

    S1742287618300094

  • ISSN:

    1742-2876

  • Library of Congress:

    QA75 Electronic computers. Computer science

  • Dewey Decimal Classification:

    005.8 Data security

  • Funders:

    Edinburgh Napier Funded

Citation

Sudozai, M., Saleem, S., Buchanan, W. J., Habib, N., & Zia, H. (2018). Forensics study of IMO call and chat app. Digital Investigation, https://doi.org/10.1016/j.diin.2018.04.006

Authors

Keywords

IMO, Encryption, Android;iOS, Network forensic, Device forensic,

Monthly Views:

Available Documents