This article describes common approaches used for the recovery of cleared Skype histories and deleted chat logs, and discusses methods and techniques for recovering evidence from cleared and damaged SQLite databases.
It is difficult to underestimate popularity of Skype. Hundreds of millions of people use Skype every day, generating a lot of potential evidence. Recent versions of Skype are using SQLite databases to keep all history items. Chat logs, information about voice calls made and received, and a lot of other information is available in these SQLite databases. Accessing and analyzing this evidence is essential for many investigations involving a seized PC. At this time, there are lots of tools that can be used to view and analyze SQLite databases. These tools range from freeware utilities to fully featured and highly expensive forensic suites. While viewing records an existing, healthy SQLite database is not a big deal, performing a forensic analysis of such database has quite different requirements…