Forensics Journal - Stevenson University 2013 | Page 66
FORENSICS JOURNAL
SkypeTM Artifacts
Karen Lynne Shafer
While the investigator will still serve court orders on the service
providers to obtain transactional records, it is important for the investigator, as well as the forensic examiner, to understand what data the
service provider stores and what data is stored locally on the device,
especially with newer technology like Skype.
INTRODUCTION
No matter what the investigation is about, one of the most basic
questions is, “who is involved?” The next logical questions are, “who
did they know?” and, “with whom did they communicate?” Over the
years, methods of communication have changed. With these changes
have come different investigative methods to answer these questions.
Even with all of these changes, traditional phone calls are still the
primary method of communication for most people.
VOIP
VoIP, which is also known as Internet Telephony, is sending voice data
in real-time across a TCP/IP network, such as the Internet. VoIP uses
either a computer or a handset to break the voice data into packets
and then transmit them over the IP network (EIU: Economist Intelligence Unit).
Since 2003, Skype has enabled people to make phone calls with voice,
chat, and video using a Voice over IP Protocol [VoIP]. In Skype’s
earlier years, its users could only call other Skype users with an application on their computer (Baset, 2004). Today, Skype is owned by
Microsoft which allows its users to make calls to, and receive phone
calls from, any telephone in the world using the Skype application
on a smart-phone, tablet, or computer (Maney). Skype is not the
only provider of VoIP services, but it does have a quarter of a billion
end-users world-wide, which makes it a major player in this area
(Wingfield, 2012).
Skype is not the only VoIP service in use today. In fact, many people
do not even realize that what they consider their “landline” is actually
a VoIP telephone. Many ISPs offer bundled telephone services, which
are in fact running across the Internet connection, not the P