Hi all,
Can anyone point me to a good documentation on how to perform forensic analysis for yahoo and google chat logs? I am not looking for any specific detail, just curious to know how to go about with it in general.
Thanks all.
gshah,
I don't know of specific references for this material but this is how I would approach a query such as yours…
1) Straight forward Internet seach (about 50% successful). If that doesn't turn up any decent material
2) Search forums such as this one (about 5% successful because the previous search should have turned it up)
3) Search through the library of archived forensics documents that our unit has accumulated over the years (about 10% successful depending on how old the technology you are researching is)
4) Set up a couple of Internet connected virtual machines with a chat account each. Set up the monitoring software (usually wireshark & process monitor). Hit the go button and have a chat between the two machines using as much functionality in the chat clients as possible. Then interpret what you have got from the monitoring software as well as looking closely at what was laid down on disk. This approach is about 99% successful but also the most time consuming. In the end you might even be able to identify some search terms that can uniquely identify the use of such chat and you can transfer to your investigation (and subsequent one's).
Paul
If you're looking for a tool to extract the logs, you may want to try IEF. http//
Thanks for the input guys. I really appreciate your help.