VOICE OVER INTERNET PROTOCOL (VOIP) NETWORK FORENSICS AND SECURITY: A COMPREHENSIVE SYNTHESIS OF DIGITAL INVESTIGATION TECHNIQUES, TRAFFIC ANALYSIS, AND EMERGING CHALLENGES

Vaishnavi Raut; Kapil Shukla; Krishna Modi

doi:10.29121/digisecforensics.v3.i1.2026.81

Authors

Vaishnavi Raut B.Sc.–M.Sc. Integrated Course in Forensic Science with Specialization in Cyber Forensics, the National Forensic Sciences University, Gandhinagar, India
Kapil Shukla Assistant Professor, School of Forensic Science, National Forensic Sciences University, Gandhinagar, Gujarat, India https://orcid.org/0000-0002-9078-9425
Dr. Krishna Modi National Forensic Sciences University, India

DOI:

https://doi.org/10.29121/digisecforensics.v3.i1.2026.81

Keywords:

Memory Forensics, Digital Forensics, Network Forensics, Traffic Analysis, Behavioral Detection, Mobile Application Forensics, VoIP Security, Artifact Recovery

Abstract

Voice over Internet Protocol (VOIP) has changed the way people communicate all over the world because it provides people with flexible and inexpensive alternatives to the traditional telephony. But this change presents complicated security and forensic issues that require expert investigation techniques. This review sees a significant shift in the open-standard protocol analysis towards the application-specific study of encrypted proprietary platforms including Zoom, Discord and Microsoft Teams. Memory forensics is now capable of retrieving volatile evidence found in RAM and machine learning has improved the detection of encrypted traffic to more than 95 percent. There are still persistent problems with real-time evidence collection, cross-platform compatibility and compatibility against developing encryption standards. The upcoming studies aim at automation, privacy preserving methods of investigation, and quantum resistant security models that would address the new forensic requirements.

References

Al-Saadawi, H., and Varol, A. (2017). Voice Over IP Forensic Approaches: A Review. IEEE Xplore, 1–6. https://doi.org/10.1109/ISDFS.2017.7916507 DOI: https://doi.org/10.1109/ISDFS.2017.7916507

Al-Saleh, M., and Forihat, Y. A. (2013). Skype Forensics in Android Devices. International Journal of Computer Applications, 78(7), 38–44. https://doi.org/10.5120/13504-1253 DOI: https://doi.org/10.5120/13504-1253

Alo, U. R., and Firday, N. H. (2013). Voice Over Internet Protocol (VoIP): Overview, Direction and Challenges. International Journal of Science and Technology, 2(3), 199–205.

Anwar, U., Shabbir, G., and Ali, M. A. (2014). Data Analysis and Summarization to Detect Illegal VOIP Traffic with Call Detail Records. International Journal of Computer Applications, 89(8), 1–7. https://doi.org/10.5120/15519-2724 DOI: https://doi.org/10.5120/15519-2724

Arshad, M., Ahmad, A., Onn, C. W., and Sam, E. A. (2025). Investigating Methods for Forensic Analysis of Social Media Data to Support Criminal Investigations. Frontiers in Computer Science, 7, Article 1566513. https://doi.org/10.3389/fcomp.2025.1566513 DOI: https://doi.org/10.3389/fcomp.2025.1566513

Azad, M. A., Morla, R., and Salah, K. (2018). Systems and Methods for SPIT Detection in VOIP: Survey and Future Directions. Computers and Security, 77, 1–20. https://doi.org/10.1016/j.cose.2018.03.005 DOI: https://doi.org/10.1016/j.cose.2018.03.005

Chakraborty, T., Ghosh, S., Barik, S., Kar, S., and Chatterjee, S. (2020). VoIP-HDK: A Novel Channel Allocation Technique for QOS-Aware VOIP Communication Over Heterogeneous Networks. Procedia Computer Science, 171, 62–71. https://doi.org/10.1016/j.procs.2020.04.007 DOI: https://doi.org/10.1016/j.procs.2020.04.007

Chaudhari, G., Korde, P., Patil, S., and Bhongal, R. (2023). VOIP-Based Intelligence Calling System. International Journal of Advanced Research in Science, Communication and Technology, 3(7), 1–6.

Chetry, A., and Sharma, U. (2024). Investigating VOIP Calls: Law Enforcement Perspective. INFOCOMP Journal of Computer Science, 23(2).

Eriksson, G. A. P., Olin, B., Svanbro, K., and Turina, D. (2000). The Challenges of Voice-Over-IP-Over-Wireless. Ericsson Review, 1, 20–31.

Federal Communications Commission. (2019). Voice Over Internet Protocol (VOIP).

Freire, E., Ziviani, A., and Salles, R. (2008). Detecting VOIP Calls Hidden in Web Traffic. IEEE Transactions on Network and Service Management, 5(4), 204–214. https://doi.org/10.1109/TNSM.2009.041102 DOI: https://doi.org/10.1109/TNSM.2009.041102

Gupta, K., Lanka, P., and Varol, C. (2024). A Holistic Digital Forensic Analysis of Discord: Storage, Memory, and Network Perspectives. Journal of Forensic Sciences, 69(4), 1320–1333. https://doi.org/10.1111/1556-4029.15548 DOI: https://doi.org/10.1111/1556-4029.15548

Iqbal, F., Khalid, Z., Marrington, A., Shah, B., and Hung, P. C. (2022). Forensic Investigation of Google Meet for Memory and Browser Artifacts. Forensic Science International: Digital Investigation, 43, 301448. https://doi.org/10.1016/j.fsidi.2022.301448 DOI: https://doi.org/10.1016/j.fsidi.2022.301448

Irwin, D., Dadej, A., and Slay, J. (2012). Extraction of Electronic Evidence from VoIP: Identification and Analysis of Digital Speech. Journal of Digital Forensics, Security and Law, 7(1). https://doi.org/10.15394/jdfsl.2012.1128 DOI: https://doi.org/10.15394/jdfsl.2012.1128

Irwin, D., Slay, J., Dadej, A., and Shore, M. (2011). Extraction of Electronic Evidence from VOIP: Forensic Analysis of a Virtual Hard Disk vs RAM. Journal of Digital Forensics, Security and Law, 6(3). https://doi.org/10.15394/jdfsl.2011.1086 DOI: https://doi.org/10.15394/jdfsl.2011.1086

Irwin, D., and Slay, J. (2011). Extracting Evidence Related to VOIP Calls. In IFIP Advances in Information and Communication Technology (221–228). https://doi.org/10.1007/978-3-642-24212-0_17 DOI: https://doi.org/10.1007/978-3-642-24212-0_17

Javed, A. R., Ahmed, W., Alazab, M., Jalil, Z., Kifayat, K., and Gadekallu, T. R. (2022). A Comprehensive Survey on Computer Forensics: State of the Art, Tools, Techniques, Challenges, and Future Directions. IEEE Access, 10, 11065–11089. https://doi.org/10.1109/ACCESS.2022.3142508 DOI: https://doi.org/10.1109/ACCESS.2022.3142508

Kapoor, M., Napolitano, M., Quance, J., Moyer, T., and Krishnan, S. (2023). Detecting VOIP Data Streams: Approaches Using Hidden Representation Learning. Proceedings of the AAAI Conference on Artificial Intelligence, 37(13), 15519–15527. https://doi.org/10.1609/aaai.v37i13.26840 DOI: https://doi.org/10.1609/aaai.v37i13.26840

Khan, A., and Suryawanshi, R. (2019). Performance analysis of VOIP Codecs Under Variable Jitter and Delay Conditions. International Journal of Computer Applications, 178(43), 1–6. https://doi.org/10.5120/ijca2019918704

Kumar, V., and Roy, O. P. (2022). Enhanced Network Security for Improved Trustworthiness of VOIP Applications Via Cuckoo Search and Machine Learning. Indian Journal of Science and Technology, 15(15), 677–688. https://doi.org/10.17485/ijst/v15i15.1379 DOI: https://doi.org/10.17485/IJST/v15i15.1379

Mohemmed Sha, M., Manesh, T., and Abd El-atty, S. M. (2016). VOIP Forensic Analyzer. International Journal of Advanced Computer Science and Applications, 7(1). https://doi.org/10.14569/IJACSA.2016.070116 DOI: https://doi.org/10.14569/IJACSA.2016.070116

Olateju, A. I., Adenekan, O. A., and Abatan, T. T. (2019). Performance Evaluation of Voice Over Internet Protocol (VoIP) on Wired and Wireless Networks. Journal of Digital Innovations and Contemporary Research in Science, Engineering and Technology, 7(2), 87–100. https://doi.org/10.22624/AIMS/DIGITAL/V7N4P9

Rebahi, Y., Nassar, M., Magedanz, T., and Festor, O. (2011). A Survey on Fraud and Service Misuse in Voice Over IP (VOIP) Networks. Information Security Technical Report, 16(1), 12–19. https://doi.org/10.1016/j.istr.2010.10.012 DOI: https://doi.org/10.1016/j.istr.2010.10.012

Rebahi, Y., Ruppelt, R., Nassar, M., and Festor, O. (2013). SCAMSTOP: A Platform for Mitigating Fraud in VOIP Environments. In Proceedings of the International Conference on Network and Service Management. https://doi.org/10.4018/978-1-4666-1888-6.ch012 DOI: https://doi.org/10.4018/978-1-4666-1888-6.ch012

Saqib, N. A., Shakeel, Y., Khan, M. A., Mahmood, H., and Zia, M. (2017). An Effective Empirical Approach to VOIP Traffic Classification. Turkish Journal of Electrical Engineering and Computer Sciences, 25, 888–900. https://doi.org/10.3906/elk-1501-126 DOI: https://doi.org/10.3906/elk-1501-126

Sarhan, S. A. E., Youness, H. A., Bahaa-Eldin, A. M., and Taha, A. E. (2024). VoIP Network Forensics of Instant Messaging Calls. IEEE Access, 12, 9012–9024. https://doi.org/10.1109/ACCESS.2024.3352897 DOI: https://doi.org/10.1109/ACCESS.2024.3352897

Sarhan, S. A. E., Youness, H. A., and Bahaa-Eldin, A. M. (2022). A Framework for Digital Forensics of Encrypted Real-Time Network Traffic, Instant Messaging, and VOIP Application Case Study. Ain Shams Engineering Journal, 14(9), 102069. https://doi.org/10.1016/j.asej.2022.102069 DOI: https://doi.org/10.1016/j.asej.2022.102069

Sgaras, C., Kechadi, M., and Le-Khac, N. (2016). Forensics Acquisition and Analysis of Instant Messaging and VOIP applications. arXiv. https://doi.org/10.48550/arxiv.1612.00204 DOI: https://doi.org/10.1007/978-3-319-20125-2_16

Singh, S. (2024). Performance Improvement for VOIP-Based Systems. Wireless Personal Communications, 139(1), 145–166. https://doi.org/10.1007/s11277-024-11594-2 DOI: https://doi.org/10.1007/s11277-024-11594-2

Soni, N. (2025). Digital forensics: Confronting Modern Cybercrimes, Technological Advancements, and Future Challenges. Forensic Legal and Investigative Sciences, 11(1). https://doi.org/10.24966/flis-733x/100105 DOI: https://doi.org/10.24966/FLIS-733X/100105

Sreenivasulu, V., and Ravikumar, C. (2025). Fractal Net-Based Key Generation for Authentication in Voice Over IP Using Blockchain. Ain Shams Engineering Journal, 16(3), 103286. https://doi.org/10.1016/j.asej.2025.103286 DOI: https://doi.org/10.1016/j.asej.2025.103286

Tiwari, N. S. K. (2025). Forensic Analysis of Browser-Based Go To Meeting Clients: Uncovering Memory and Browser Artefacts. Journal of Information Systems Engineering and Management, 10(20s), 483–495. https://doi.org/10.52783/jisem.v10i20s.3172 DOI: https://doi.org/10.52783/jisem.v10i20s.3172

Toral-Cruz, H., Pathan, A. K., and Pacheco, J. C. R. (2011). Accurate Modeling of VOIP Traffic QoS Parameters in Current and Future Networks with Multifractal and Markov Models. Mathematical and Computer Modelling, 57(11–12), 2832–2845. https://doi.org/10.1016/j.mcm.2011.12.007 DOI: https://doi.org/10.1016/j.mcm.2011.12.007

Tresnadi, A. (2025, March 17). Decrypting Zoom Team Chat: Forensic Analysis of Encrypted Chat Databases. InfoSec Write-ups. April 14, 2025.

Tuleun, N. W. (2024). Design of an Asterisk-Based VOIP System and the Implementation of Security Solution Across the VOIP Network. World Journal of Advanced Research and Reviews, 23(1), 875–906. https://doi.org/10.30574/wjarr.2024.23.1.2048 DOI: https://doi.org/10.30574/wjarr.2024.23.1.2048

Wright, C. V., Ballard, L., Monrose, F., and Masson, G. M. (2007). Language Identification of Encrypted VOIP Traffic: Alejandra Y Roberto or Alice and Bob? In Proceedings of the USENIX Security Symposium.

Wu, C., Chen, K., Chang, Y., and Lei, C. (2008). Detecting VOIP Traffic Based on Human Conversation Patterns. In Lecture Notes in Computer Science (280–295). https://doi.org/10.1007/978-3-540-89054-6_14 DOI: https://doi.org/10.1007/978-3-540-89054-6_14

Yang, H., Yang, Z., Bao, Y., Liu, S., and Huang, Y. (2019). Fast Steganalysis Method for VoIP Streams. IEEE Signal Processing Letters, 27, 286–290. https://doi.org/10.1109/LSP.2019.2961610 DOI: https://doi.org/10.1109/LSP.2019.2961610

Yu, S., Li, B., Zhu, L., Zhang, H., Yang, S., Li, Z., and Feng, W. (2025). Tencent Meeting Forensics Based on Memory Reverse Analysis. PeerJ Computer Science, 11, e2963. https://doi.org/10.7717/peerj-cs.2963 DOI: https://doi.org/10.7717/peerj-cs.2963

Zhu, Y., and Fu, H. (2010). Traffic Analysis Attacks on Skype VOIP Calls. Computer Communications, 34(10), 1202–1212. https://doi.org/10.1016/j.comcom.2010.12.007 DOI: https://doi.org/10.1016/j.comcom.2010.12.007