Forensics Journal - Stevenson University 2013 | Page 66

Skype™ Artifacts

Karen Lynne Shafer

While the investigator will still serve court orders on the service providers to obtain transactional records, it is important for the investigator, as well as the forensic examiner, to understand what data the service provider stores and what data is stored locally on the device, especially with newer technology like Skype.

INTRODUCTION

No matter what the investigation is about, one of the most basic questions is, “who is involved?” The next logical questions are, “who did they know?” and, “with whom did they communicate?” Over the years, methods of communication have changed. With these changes have come different investigative methods to answer these questions. Even with all of these changes, traditional phone calls are still the primary method of communication for most people.

VOIP

VoIP, which is also known as Internet Telephony, is sending voice data in real-time across a TCP/IP network, such as the Internet. VoIP uses either a computer or a handset to break the voice data into packets and then transmit them over the IP network (EIU: Economist Intelligence Unit).

Since 2003, Skype has enabled people to make phone calls with voice, chat, and video using a Voice over IP Protocol [VoIP]. In Skype’s earlier years, its users could only call other Skype users with an application on their computer (Baset, 2004). Today, Skype is owned by Microsoft which allows its users to make calls to, and receive phone calls from, any telephone in the world using the Skype application on a smart-phone, tablet, or computer (Maney). Skype is not the only provider of VoIP services, but it does have a quarter of a billion end-users world-wide, which makes it a major player in this area (Wingfield, 2012).

Skype is not the only VoIP service in use today. In fact, many people do not even realize that what they consider their “landline” is actually a VoIP telephone.
Many ISPs offer bundled telephone services, which are in fact running across the Internet connection, not the P