Hi everyone!
I'm a not very experienced in digital forensics yet and need some advise. I have used Encase 6.11.2 in the analyze.
I have a case where i have found pictures from conversation using MSN and filesharing using Bearshare.
My next step is to find who sent which pictures to whom. Here is where I'm stuck. Any advice?
Logging in MSN is off.
Best regards
Odd
Hi Odd,
you can look if you find some places like "user's shared folders" in HKEY_CURRENT_USER\Software\BearShare
HKEY_LOCAL_MACHINE\Software\BearShare
Sometimes there are files named downloadxxxxx.dat which hold the up- and downloaded files.
You can also try to find the install.log and check the given pathes there.
Typed keywords in Bearshare are stored in Documents and Settings\Bearshare\Data\shistory.im
See also in the same folder the files contentfile.db and downloadfile.db and the various logfiles and databases from Bearshare.
Hope it helped, would be fine if you post the results.
Chris
Hi Chris!
I cant give You an accurate answer here. I found the folders, but no files. I will try it some more in other cases and give You the results
Odd
Hi
Still got no solution too my problem. Files are sent and received using MSN, but they are stored in MY Pictures, Downloads etc. Is there a way I can find who sent the pictures.
Have been searcing MSN related folders, but don't find anything.
Odd
Try this pdf-file
http//
it contains really a lot of forensics knowhow about MSN.
Good luck Chris