Join Us!

Notifications
Clear all

skype forensics  

  RSS
youcefb9
(@youcefb9)
Junior Member

I would like to have your experience/encounter in analysing skype data.

post mortem analysis
————————-
where do you look for evidential data regarding chats, voice, file transfer.

live analysis
————–
if you want to investigate a like case of skype where you have access to the suspect computer how do you tap into his contacts converstations (chats) without them knowing that you are online. the main point here is no to draw the attention of the contacts who are already authorised to have your status.

Quote
Posted : 31/03/2006 7:14 pm
itcentral
(@itcentral)
New Member

I have briefly looked at this and found that the chat histories seem to be stored in

%system disk%\Documents and Settings\%loginname%\Application Data\Skype\%skype-login%\chatsync

with a directory for each chat that has been established. Viewing the .dat file shows the parties in the chat

Contacts, call and chat histories are also in the .dbb files in the Skype\%skype-login% folder

hope that's of some use

paul

ReplyQuote
Posted : 02/04/2006 1:55 am
youcefb9
(@youcefb9)
Junior Member

paul, thanks for the feed.

it seems that that are scarce resources on the subject which warrant a full research into it.

the capability of skype in traversing firewalls and NAT applications is starting to show its teeth in the corporate world and will pose a challenge for forensic analysts.

youcef

ReplyQuote
Posted : 02/04/2006 10:56 pm
Belkasoft
(@belkasoft)
Active Member

paul, thanks for the feed.

it seems that that are scarce resources on the subject which warrant a full research into it.

the capability of skype in traversing firewalls and NAT applications is starting to show its teeth in the corporate world and will pose a challenge for forensic analysts.

youcef

Belkasoft has a tool which can recover Skype chat history from .dbb, .db and chatsync .dat files.

ReplyQuote
Posted : 08/04/2010 2:53 pm
PaulSanderson
(@paulsanderson)
Senior Member

You could also look at SkypeAlyzer

ReplyQuote
Posted : 08/04/2010 3:41 pm
Rampage
(@rampage)
Active Member

newer versions of skype use .db files, wich are sqlite3

ReplyQuote
Posted : 09/04/2010 4:55 am
keydet89
(@keydet89)
Community Legend

http//www.lmgtfy.com/?q=skype+forensics

ReplyQuote
Posted : 12/04/2010 6:00 pm
douglasbrush
(@douglasbrush)
Senior Member

http//www.forensicswiki.org/wiki/Skype

ReplyQuote
Posted : 12/04/2010 11:28 pm
DrDebonair
(@drdebonair)
Junior Member

You could try looking at a tool called SkypeLogView made by NirSoft, it gathers all the information you could need from the DB file and can export it in many formats.

ReplyQuote
Posted : 13/04/2010 1:37 am
Share: