We propose a collaborative forensics framework to trace back callers of VoIP services in a multi-network environment. The paper is divided into two parts. The first part discusses the critical components of SIP-based telephony and determines the information needed for traceback in single and multiple Autonomous Systems (ASs). The second part proposes the framework and the entities of collaborative forensics. We also propose an algorithm for merging collected data. The mechanism used to execute collaborative forensics with cooperating units is presented and the procedures used in the collaborative architecture are described. For every entity, we suggest some interesting topics for research.
Hsien-Ming Hsu, Yeali S. Sun, Meng Chang Chen