Skype Web data

(@bhoyfett)
Posts: 5
Active Member
Topic starter
 

Hi,

I've previously used AXIOM as an analysis tool for Skype; however, I'm actually focussing on what appears to be Skype utilised in a web browser.

Has anyone had any experience accessing data stored by Skype web?

There doesn't appear to be a main.db (that I can find), which is normally a go-to file for the desktop app.

If anyone has any suggestions where to look and/or how to parse any such data I would be most grateful.

Cheers

BF

 
Posted : 05/03/2019 4:48 pm
(@mcman)
Posts: 189
Estimable Member
 

Unfortunately you're not going to get much outside the standard browser data when using a web app for any app including Skype. Databases and history rarely get written to the disk in this scenario so I wouldn't expect you to get much in the way of chat history or anything like that. I would focus on your regular browser history such as web history/URLs (which may give you a timeframe of activity), cache records (for potential image evidence), etc… I would also check the default downloads locations for those browsers as they may be used if any files are downloaded or shared as well.

Web apps are designed to be temporary or for a shared computer where the user isn't frequently using the app. They typically have less functionality but the benefit is portability and you could log in from any computer. From an investigative standpoint, it's a pain because you lose a lot of the historical information when they're being used.

In general, you'll usually get evidence of the user using the particular app and maybe a rough timeline but forget about getting content or anything of substance beyond that.

Hope that helps,

Jamie McQuaid
Magnet Forensics

 
Posted : 05/03/2019 6:25 pm
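The timeline approach suggested in the reply above, as an added example that is not part of the original thread: it pulls Skype-related visits from a browser history database and converts their timestamps to UTC. It assumes a Chromium-style `History` SQLite schema (`urls` and `visits` tables, times in microseconds since 1601-01-01 UTC); the sample rows, the URL values and the file name in the comment are constructed for illustration.

```python
import sqlite3
from datetime import datetime, timedelta, timezone

WEBKIT_EPOCH = datetime(1601, 1, 1, tzinfo=timezone.utc)

def webkit_to_utc(us):
    """Chromium stores times as microseconds since 1601-01-01 UTC."""
    return WEBKIT_EPOCH + timedelta(microseconds=us)

def utc_to_webkit(dt):
    """Inverse conversion, used here only to build the sample rows."""
    return (dt - WEBKIT_EPOCH) // timedelta(microseconds=1)

def skype_visits(conn, pattern="%skype.com%"):
    """Return (utc_time, url, title) for each matching visit, oldest first."""
    rows = conn.execute(
        "SELECT v.visit_time, u.url, u.title FROM visits v "
        "JOIN urls u ON u.id = v.url WHERE u.url LIKE ? ORDER BY v.visit_time",
        (pattern,),
    )
    return [(webkit_to_utc(t), url, title) for t, url, title in rows]

def activity_window(visits):
    """First and last matching visit: the rough timeframe of web-app use."""
    return (visits[0][0], visits[-1][0]) if visits else None

def build_sample_db():
    """Constructed sample data standing in for a copy of a History file."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(
        "CREATE TABLE urls (id INTEGER PRIMARY KEY, url TEXT, title TEXT);"
        "CREATE TABLE visits (id INTEGER PRIMARY KEY, url INTEGER, visit_time INTEGER);"
    )
    conn.executemany("INSERT INTO urls VALUES (?,?,?)", [
        (1, "https://web.skype.com/", "Skype"),        # constructed
        (2, "https://example.org/news", "News"),       # constructed, unrelated
    ])
    t0 = datetime(2019, 3, 5, 16, 0, tzinfo=timezone.utc)
    conn.executemany("INSERT INTO visits (url, visit_time) VALUES (?,?)", [
        (1, utc_to_webkit(t0)),
        (2, utc_to_webkit(t0 + timedelta(minutes=10))),
        (1, utc_to_webkit(t0 + timedelta(minutes=40))),
    ])
    return conn

if __name__ == "__main__":
    # On case data, query a working copy opened read-only, e.g.
    #   sqlite3.connect("file:History.copy?mode=ro", uri=True)  (hypothetical path)
    hits = skype_visits(build_sample_db())
    for when, url, title in hits:
        print(when.isoformat(), url, title)
    print("window:", activity_window(hits))
```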
(@bhoyfett)
Posts: 5
Active Member
Topic starter
 

Thanks Jamie

That was my original mindset until I stumbled across some keyword data relating to Skype in a .db file in Local Data.

You can make out some content pertinent to the case, I just wondered if I could utilise this .db file in any way.

I'll keep plugging away.

Cheers

BF

 
Posted : 05/03/2019 7:47 pm
(@tootypeg)
Posts: 173
Estimable Member
 

Have you tried monitoring the cache on a test machine in real time whilst carrying out some test calls? I really like this sort of research. There are some really nice tools which will help you do this and you will get an idea very quickly of what's there.

 
Posted : 05/03/2019 8:00 pm
Foxton Forensics
(@foxtonforensics)
Posts: 14
Active Member
 

A few years ago we found that Skype contact details were being cached by some browsers, so there's a chance you may find some useful data in the browser history
https://www.foxtonforensics.com/blog/post/analysing-skype-contacts-in-the-browser-cache

 
Posted : 05/03/2019 8:34 pm
(@tootypeg)
Posts: 173
Estimable Member
 

Nice work. Would be interesting to actually see what is cached these days across lots of services.

 
Posted : 06/03/2019 12:35 pm