applied sciences Article Encrypted Network Traffic Analysis of Secure Instant Messaging Application: A Case Study of Signal Messenger App Asmara Afzal 1, Mehdi Hussain 1,*, Shahzad Saleem 1,2, M. Khuram Shahzad 1, Anthony T. S. Ho 3,4 and Ki-Hyun Jung 5,* 1 Department of Computing, School of Electrical Engineering and Computer Science, National University of Sciences and Technology, Islamabad 44000, Pakistan;
[email protected] (A.A.);
[email protected] (S.S.);
[email protected] (M.K.S.) 2 Department of Cybersecurity, College of Computer Science and Engineering, University of Jeddah, Jeddah 23218, Saudi Arabia 3 Department of Computer Science, University of Surrey, Guildford GU27XH, UK;
[email protected] 4 Department of Computer Science and Technology, Tianjin University of Science and Technology, Tianjin 300222, China 5 Department of Cyber Security, Kyungil University, Gyeongbuk 38424, Korea * Correspondence:
[email protected] (M.H.);
[email protected] (K.-H.J.) Abstract: Instant messaging applications (apps) have played a vital role in online interaction, es- pecially under COVID-19 lockdown protocols. Apps with security provisions are able to provide confidentiality through end-to-end encryption. Ill-intentioned individuals and groups use these security services to their advantage by using the apps for criminal, illicit, or fraudulent activities. During an investigation, the provision of end-to-end encryption in apps increases the complexity for digital forensics investigators. This study aims to provide a network forensic strategy to identify the Citation: Afzal, A.; Hussain, M.; potential artifacts from the encrypted network traffic of the prominent social messenger app Signal Saleem, S.; Shahzad, M.K.; Ho, A.T.S.; (on Android version 9).