Hi All, Happy New Year.
I was wondering if anyone has had much experience with the New Skype IM & VOIP Application (Verion 4). I have been asked by a client to extract conversion/call history and contacts list from a users computer (Vista) along with a few other objects (word documents). I have created a Image uisng FTK Imager 2.6.1.62 (DD image) and a Write Blocker and extracted the Skype Folder and Sub- Content (I have Hash Values created for both the Drive and the Skype Folder).
I am using the Belkasoft IM Anlayzer (1.05) to do the Parsing. One problem I have encountered thought is after I parsed the Skype Data I used a Second Tool SkyLogView to extract the skype data. When I compared my TimeStamps they were different by an hour. The system in question was taken out of action in september of 09 which indicates that DST was in effect (Computer was in London for a time period). From testing that I have done, the new Skype App seems to use the Systems Local Time when creating its time stamps.(I changed my system time and time zone inof and then extracted the logs) Also as the Belkasoft Application wont show call history I used the SkypeLogView app to get this information. 4 Call histories that where extracted show the year as 2066.
I have extracted the registry and confirmed the Time Zone is set to GMT (London, Dublin) Standard Time. Again from testing it seems that the Belkasoft IM Analyzer uses the Local Time from my computer when parsing. What I basically need to find out is which dates do I use as I have two seperate Dates for each extracted record. Because the System in question was using GMT standard time, I have set my system to GMT standard time also. Would the results now be correct even though DST effect or do I need to amend them by the hour. If anyone has any info it would be greatly appreciated, and if my question is a bit vague I can fill in more detial.
Kind Regards,
Brianq