Correlating messages from multiple IM networks to identify digital forensic artifacts

Electronic Commerce Research

Abstract

In recent years the use of instant messaging (IM) has increased manifold. Recent reports show that law enforcement organizations are making requests for instant messaging information as a result of involvement in criminal activity. There can be multiple reasons for investigating instant messenger histories. The best known are involvement in fraudulent activities, social engineering, identity theft, the spread of malicious software (worms) to circumvent innocent users or critical security devices, revealing the IP address of a correspondent in order to launch further attacks, IM spam and offensive material, and, in general, communication among group members regarding corruption, target killing, gambling, kidnapping, theft, robbery, etc. In this paper, we focus on a unique case in which two members of a criminal network communicate through an IM aggregator (such as Digsby) and use multiple IM protocols to complete a single conversation session, instead of using a traditional single IM client such as Yahoo Messenger for the whole conversation. We propose a method to identify that multiple IM protocols are used for a single conversation session and describe how to establish the sequence of the collected messages. An analysis of volatile memory is performed to collect the remnants of the whole or partial conversation, as supporting or actual evidence.

Acknowledgments

This research was supported by Basic Science Research Program through the National Research Foundation of Korea (NRF) funded by the Ministry of Education (grant number 2013R1A1A2059864).

Author information

Corresponding author

Correspondence to Jongsung Kim.

About this article

Cite this article

Yasin, M., Kausar, F., Aleisa, E. et al. Correlating messages from multiple IM networks to identify digital forensic artifacts. Electron Commer Res 14, 369–387 (2014). https://doi.org/10.1007/s10660-014-9145-4
