Notifications
Clear all

skype forensics

9 Posts
8 Users
0 Likes
650 Views
(@youcefb9)
Posts: 38
Eminent Member
Topic starter
 

I would like to have your experience/encounter in analysing skype data.

post mortem analysis
————————-
where do you look for evidential data regarding chats, voice, file transfer.

live analysis
————–
if you want to investigate a like case of skype where you have access to the suspect computer how do you tap into his contacts converstations (chats) without them knowing that you are online. the main point here is no to draw the attention of the contacts who are already authorised to have your status.

 
Posted : 31/03/2006 6:14 pm
itcentral
(@itcentral)
Posts: 23
Eminent Member
 

I have briefly looked at this and found that the chat histories seem to be stored in

%system disk%\Documents and Settings\%loginname%\Application Data\Skype\%skype-login%\chatsync

with a directory for each chat that has been established. Viewing the .dat file shows the parties in the chat

Contacts, call and chat histories are also in the .dbb files in the Skype\%skype-login% folder

hope that's of some use

paul

 
Posted : 02/04/2006 12:55 am
(@youcefb9)
Posts: 38
Eminent Member
Topic starter
 

paul, thanks for the feed.

it seems that that are scarce resources on the subject which warrant a full research into it.

the capability of skype in traversing firewalls and NAT applications is starting to show its teeth in the corporate world and will pose a challenge for forensic analysts.

youcef

 
Posted : 02/04/2006 9:56 pm
(@belkasoft)
Posts: 169
Estimable Member
 

paul, thanks for the feed.

it seems that that are scarce resources on the subject which warrant a full research into it.

the capability of skype in traversing firewalls and NAT applications is starting to show its teeth in the corporate world and will pose a challenge for forensic analysts.

youcef

Belkasoft has a tool which can recover Skype chat history from .dbb, .db and chatsync .dat files.

 
Posted : 08/04/2010 1:53 pm
PaulSanderson
(@paulsanderson)
Posts: 651
Honorable Member
 

You could also look at SkypeAlyzer

 
Posted : 08/04/2010 2:41 pm
(@rampage)
Posts: 354
Reputable Member
 

newer versions of skype use .db files, wich are sqlite3

 
Posted : 09/04/2010 3:55 am
keydet89
(@keydet89)
Posts: 3568
Famed Member
 

http//www.lmgtfy.com/?q=skype+forensics

 
Posted : 12/04/2010 5:00 pm
(@douglasbrush)
Posts: 812
Prominent Member
 

http//www.forensicswiki.org/wiki/Skype

 
Posted : 12/04/2010 10:28 pm
(@drdebonair)
Posts: 25
Eminent Member
 

You could try looking at a tool called SkypeLogView made by NirSoft, it gathers all the information you could need from the DB file and can export it in many formats.

 
Posted : 13/04/2010 12:37 am
Share: