I wonder if anyone can assist, I am examining a computer HDD within encase, the machine has windows live messenger installed, with the older MSN messenger, the email addresses of the conversation participants was contained within the chat log, this appears not to be the case with Live messenger. Does anyone know how to resolve an email address to the chat log so I can trace the other party. It needs to be done sooner rather than later. Thanks
hi, their is a program called Fbox ( i think it might be only available to LE). You can try and email the programmer to see if he will give you a copy
forensicbox@gmail.com
regards
Ironfist
Thanx Ironfist, I have emailed for that But I was hoping that there might be a simple way to link them together. it was worth a try.
Thanks again.
Griff.
Griff,
I believe the WLM chatlogs (IF SAVED) are as follows;
Vista - C\Users\*Username*\Documents\My Chat Logs\*Month year*\*.*
The chatlogs are in html with the users email address as the filename eg "joebloggs@hotmail.com.html"
and at C\Users\UserName\Documents\My Received Files\MyPassportname2205654945\History\ *.*
In XML format.
XP - The default folder for the location of the saved messages is the users My Documents\My Received Files\MSNUserNameNNNNNNNNNN\History
There are various artefacts in both flavours. Are you a member of ForensicWiki ? There are many useful references on that wiki - worth joining, the link is as follows;
http//
Cheers Dave
The numeric value included in the filename.xml is the passportID number of the contact. You can export and search the contact list of suspects account for that specific passportID.