Skip to main content

A method for forensic artifact collection, analysis and incident response in environments running Session Initiation Protocol (SIP) and Session Description protocol.

Tools

Katos, V., Psaroudakis, I., Saragiotis, P. and Mitrou, L., 2014. A method for forensic artifact collection, analysis and incident response in environments running Session Initiation Protocol (SIP) and Session Description protocol. International Journal of Electronic Security and Digital Forensics, 6 (4), 241-267.

Full text available as:

[img]
Preview
 PDF
2014_ijesdf.pdf - Accepted Version
Available under License Creative Commons Attribution Non-commercial No Derivatives.
531kB

Copyright to original material in this document is with the original owner(s). Access to this content through BURO is granted on condition that you use it only for research, scholarly or other non-commercial purposes. If you wish to use it for any other purposes, you must contact BU via BURO@bournemouth.ac.uk.

Any third party copyright material in this document remains the property of its respective owner(s). BU grants no licence for further use of that third party material.

DOI: 10.1504/IJESDF.2014.065737

Abstract

In this paper, we perform an analysis of SIP, a popular voice over IP (VoIP) protocol and propose a framework for capturing and analysing volatile VoIP data in order to determine forensic readiness requirements for effectively identifying an attacker. The analysis was performed on real attack data and the findings were encouraging. It seems that if appropriate forensic readiness processes and controls are in place, a wealth of evidence can be obtained. The type of the end user equipment of the internal users, the private IP, the software that is used can help build a reliable baseline information database. On the other hand the private IP addresses of the potential attacker even during the presence of NAT services, as well as and the attack tools employed by the malicious parties are logged for further analysis.

Item Type:Article
ISSN:1751-911X
Uncontrolled Keywords:network forensics; session initiation protocol; SIP; VoIP forensics; intrusion detection systems; IDSs; network logging.
Group:Faculty of Science & Technology
ID Code:24348
Deposited By: Symplectic RT2
Deposited On:02 Aug 2016 09:02
Last Modified:14 Mar 2022 13:57

Downloads

Downloads per month over past year

More statistics for this item...
Repository Staff Only -