Figure 2 - uploaded by Jill Slay
Figure 2 presents the RTP packet header format. In RTP, the Synchronization Source (SSRC) field identifies the source of the synchronization (e.g., computer clock). The Contributing Source (CSRC) field identifies the source of the individual contributions that make up the single data stream payload for the packet. It is not necessary to use RTP to participate in a VoIP call. VoIP applications such as Skype do not use RTP; X-Lite, on the other hand, uses RTP. RTP provides a means for a VoIP client to reassemble and synchronize packets.

Source publication
Conference Paper
The Voice over Internet Protocol (VoIP) is designed for voice communications over IP networks. To use a VoIP service, an individual only needs a user name for identification. In comparison, the public switched telephone network requires detailed information from a user before creating an account. The limited identity information requirement makes V...

Similar publications

Conference Paper
The number of VoIP users in Indonesia is very low, although the cost offered by VoIP is smaller than using pulsed phone. One of the reasons is that the security provided by the VoIP service provider is still lacking. VoIP users have not yet received the security service to ensure the security of communications. This study tries to secure communications betwe...

Citations

... The four most fundamental criteria that influence the quality of VoIP or video stream communication became the subject of each communication's investigation. [3] Packet loss is the most crucial connectivity parameter directly related to the quality and reliability of the network. The second monitored parameter is Max Delta, which indicates the time that separates the previous packet in the stream and the current packet. ...
Article
Voice transmission over the Internet network is now taken for granted. Many end-user applications address this issue. However, this paper focuses on the specific use of the SCCP protocol created by Cisco, its implementation in a computer network and end devices, determination of the operational properties of this implementation, and their comparison in different conditions. VoIP traffic is compared at different bandwidths and implemented by different configurations of IP protocols. The investigated implementations of IP protocols are IPv4, IPv6, and IPv4 with NAT applied. As part of the application of the various IP protocols, VoIP communication with a video stream is also compared on a local basis. The conclusion of the paper is devoted to the graphical evaluation of these observations and to drawing conclusions based on them.
... They developed a GUI for their experiment to save time and make the procedure easier. Irwin et al. [10], [11] presented the idea of analysis of volatile and non-volatile memory which has allowed extending and discovering evidence related to VoIP. Here, the vital artefacts can be detected based on the used protocols, especially UDP and RTP. ...
Conference Paper
The reliability of forensic analysis tools is a critical element when conducting a Voice over Internet Protocols (VoIP) forensic investigation. Recently, various methods and tools that investigate the digital forensic through volatile memory have come into existence. Several advanced digital forensic tools have been developed that include practical ways of assisting the investigation of VoIP forensic cases. In practice, the collection of digital evidence pieces remaining in Random Access Memory (RAM) should be displayed in the result along with a range of options regarding the case requirements. Another possibility is that searching for all types of protocols might be slow, and sometimes may not lead to beneficial results. This paper carefully attends to the VoIP forensic investigation, including it into two parts. Firstly, it determines the most proper forensic tools that can be applied in VoIP forensic investigation. Secondly, it conducts a comparison among forensic investigations tools, such as capture tools, like Belkasoft RAM Capture, Magnet Capture v1.0, DumpIt Capture, and FTK Image. Also, forensic analysis tools, like Forensic Explorer, FTK v6.0, X-Way Forensics, Belkasoft, and Magnet IEF. The classification of each tool is based on certain criteria such as interface convenience and usability, properties that are related to VoIP forensic, processing analysis time, technical support and needed skills, and the acquisition of meaningful data relative to VoIP.
... Irwin and Slay [26] presented one of the most useful attempts up to that time. In their work, they proposed the idea of analyzing the RAM for discovering evidence related to VoIP usage. ...
Conference Paper
Voice over Internet Protocol (VoIP) is one of the highly used applications for voice and data communication purposes. The convenience of using VoIP applications, its acceptable quality, and the relatively low cost of usage have made it a potential replacement for landline and cellular communication. Along with these advantages, the vulnerability of using VoIP is usually considered the most cumbersome con. Various researchers have investigated VoIP risk issues; yet, very limited research has approached VoIP from a digital forensic perspective. A survey of the prominent research proposals and methods that presented VoIP forensic within their context is provided in this paper. In addition, a contemporary discussion on trends for improving VoIP forensic is given in this paper to formulate directions for new and useful research in the area of VoIP forensic.
... Figure 5 shows the connection between a Skype client and a telephone user in the PSTN. The connection between the Skype client and the PSTN gateway will be accomplished through VoIP protocol which is obviously an unencrypted digital connection [9,13]. The communication path which we consider is marked with a red line in the figure. ...
... Tracing the Ports Used in RTP: Initial Skype handshake connection is analyzed to identify the ports used by the Skype client for RTP transfer [13]. Once ports are identified, all such VoIP packets are analyzed and extracted. ...
Conference Paper
Skype is a secure internet telephonic application which establishes connection between its clients through a peer-to-peer architecture. The connection between Skype client to its server and other clients uses an encrypted channel that uses Transport Layer Security (TLS) protocol. At the same time, connection between Skype client and Public Switched Telephone Network (PSTN) gateway is accomplished through unencrypted digital channel using Voice over Internet Protocol (VoIP). The encrypted channels in the Skype communication make forensic analysis frameworks work badly in decrypting the traffic and procuring critical forensic details of the network stream against intruders and cyber criminals. Furthermore, policy violations and unbound usage of Skype VoIP communication over PSTN users waste the network bandwidth. Here we propose a sophisticated Skype forensic framework that collects forensic information by decrypting the Skype client-server communication along with recreating voice content in the Skype to PSTN VoIP communication. We also propose an efficient packet reconstruction algorithm powered by time stamping technique for regenerating malicious content from payloads of the Skype network stream followed by supporting prosecution of policy violators and cyber criminals in the court of law.
... In our proposed work it is demonstrated that this information can be obtained by mining the SDP headers which can be collected locally, without the need for network operator collaboration thus saving on administrative overheads. Irwin and Slay (2011) developed an application that searches for VoIP artefacts in the computer's volatile memory. They showed that real-time transport protocol (RTP) conversations can be reconstructed with a significant probability of success from the data residing in RAM. ...
Article
In this paper, we perform an analysis of SIP, a popular voice over IP (VoIP) protocol and propose a framework for capturing and analysing volatile VoIP data in order to determine forensic readiness requirements for effectively identifying an attacker. The analysis was performed on real attack data and the findings were encouraging. It seems that if appropriate forensic readiness processes and controls are in place, a wealth of evidence can be obtained. The type of the end user equipment of the internal users, the private IP, the software that is used can help build a reliable baseline information database. On the other hand the private IP addresses of the potential attacker even during the presence of NAT services, as well as the attack tools employed by the malicious parties are logged for further analysis.
Article
Incident handling strategy is one key strategy to mitigate risks to the confidentiality, integrity and availability (CIA) of organisation assets, as well as minimising loss (e.g. financial, reputational and legal) particularly as organisations move to the cloud. In this paper, we surveyed existing incident handling and digital forensic literature with the aims of contributing to the knowledge gap(s) in handling incidents in the cloud environment. 139 English language publications between January 2009 and May 2014 were located by searching various sources including the websites of standard bodies (e.g. National Institute of Standards and Technology) and academic databases (e.g. Google Scholar, IEEEXplore, ACM Digital Library, Springer and ScienceDirect). We then propose a conceptual cloud incident handling model that brings together incident handling, digital forensic and the Capability Maturity Model for Services to more effectively handle incidents for organisations using the cloud. A discussion of open research issues concludes this survey.