Hello Forensic Focus readers,
I’m a long-time lurker of the forums, but a first-time poster. I am doing a project on online messenger forensics. The problem is I’m having trouble coming across information pertaining to this topic. What I tend to find, even when searching Forensic Focus, is people looking for information. This leads me to believe I’m not using an adequate keyword search. The programs that I’m attempting to write about are anything that has documentation on forensic analysis. From my improper searches I believe I’ve found that Yahoo and MSN seem to be the best, most common, and easiest to investigate.
I’m reaching out to the FF community for help. Within this past week I had 2 500GB HDDs crash without apparent reason; after investigation it seems the HDD controller went bad. The problem with this is I’ve lost all of my previously researched sites, as well as information and the paper I had mostly done. I was wondering if anyone knew of a site, or a set of keywords that I could search, that would help me to quickly get back to where I was. The problem is that the paper is due very soon and this isn’t the only class I lost a lot of information in, and I’m struggling to play catch-up the last few weeks.
Muirner,
I don't really have a list of sites for you, but we sometimes use a program called Yahoom for decrypting Yahoo messenger chats; the only issue with it is that you have to assign the usernames. Also, I believe there is a program called AIM Log Manager by Nalsoft; I used this for a couple of projects in college. Download.com has a couple of chat log programs, but they are more for logging during a conversation rather than after-the-fact type of forensics, but it may help to add some variety to your paper. Try using the search "chat examiner" or "chat log examiner"; it may help.
Hope this helps.
Send me a PM with your e-mail address and I'll send you 3 PDFs I have on Skype log file analysis, Yahoo chat fragments in unallocated space and MSN/Live Messenger. I tried looking for links for them on the Internet, but couldn't find all 3. I originally obtained them from GSI's forums.
Jeff
Below is a link for a good resource regarding MSN Messenger / Windows Live Messenger:
http//
This may be one of the PDFs jeffcaplan is referencing.
Yup, that's one of 'em.
Hello Forensic Focus readers,
I am doing a project on online messenger forensics. .
Do you mean web messenger forensics as opposed to a messenger client which you download and install?
Thank you for the links, everyone; you've been extremely helpful.
No, I mean the traditional download-and-install version. I may try to continue this into my senior year to expand on the ones that use Java that are just a web app.
You should try to find a PCB for your failed hard disks. It is possible to swap the PCB from the failed disk with a PCB from the same product batch, thereby allowing the platters to be accessed along with your data. Speak to a Data Recovery/Wholesale Hard Disk supplier and you may get a result.
Western Digital is going to replace the drives. The thing is they are from a different "generation". The ones I have are AKS, and the new ones are AAKS drives. I'm thinking I may be able to swap the controllers on the HDD to access it.
Do you think I need to look for the exact HDD to pull the controller off of?
By the way, thank you everyone for the help you gave. I managed to write my paper and learn a good amount more about messenger forensics.
Muirner,
Indeed, all you need is another disk of the same capacity that was manufactured in the same batch as your failed disk or disks. Swap the PCB and your problem should be resolved.
The important thing is that the controllers need to be from the same batch and programmed to recognise the same size of hard disk. Controllers from the next or prior batch may not do.
Data Recovery/Wholesale Hard Disk suppliers would be the place to start for more detailed and reliable information.