You are here

Forensic Acquisition and Analysis of Tango VoIP


Nhien-An Le-Khac, Christos Sgaras, Tahar Kechadi

Publication Type: 
Refereed Conference Meeting Proceeding
The advent of the Internet has significantly transformed the daily activities of millions of people, with one of them being the way people communicate where Instant Messaging (IM) and Voice over IP (VoIP) communications have become prevalent. Although IM applications are ubiquitous communication tools nowadays, it was observed that the relevant research on the topic of evidence collection from IM services was limited. The reason is an IM can serve as a very useful yet very dangerous platform for the victim and the suspect to communicate. Indeed, the increased use of Instant Messengers on smart phones has turned to be the goldmine for mobile and computer forensic experts. Traces and Evidence left by applications can be held on smart phones and retrieving those potential evidences with right forensic technique is strongly required. Recently, most research on IM forensics focus on applications such as WhatsApp, Viber and Skype. However, in the literature, there is no forensic analysis related to Tango, an IM on both iOS and Android platforms, even though the total users of this application already exceeded 100 million. Therefore, in this paper we present forensic acquisition and analysis of Tango VoIP for both iOS and Android platforms. We try to answer on how evidence can be collected when IM communications are used. We also define taxonomy of target artefacts in order to guide and structure the subsequent forensic analysis. Additionally to the forensic analysis, alternative sources of evidence were examined such as the possibility to clone an IM session and perform communication interception. Finally, a review of the information that can become available via the IM vendor was conducted. The achieved results of this research provided elaborative answers on the types of artefacts that can be identified by this IM application. We compare moreover the forensics analysis of Tango with two other popular IM: WhatApp and Viber.
Conference Name: 
International Conference on Challenges in IT, Engineering and Technology (ICCIET 2014)
International Conference on Challenges in IT, Engineering and Technology (ICCIET 2014)
Digital Object Identifer (DOI):
Publication Date: 
Conference Location: 
National University of Ireland, Dublin (UCD)
Open access repository: 
Publication document: