Forensics Journal - Stevenson University 2013 | Page 72
There are multiple forensic software programs available to decode
the Skype data on a Windows computer. Even without these programs, Skype data may be decoded by hand using standard forensic
programs. Because none of these programs decode all the data that
Skype stores, forensic examiners should decode the additional data,
such as account options, by hand.
TABLE 1 SKYPE TOOL TABLE
A weakness in all the tools was the lack of reporting on Skype options and settings, which should be decoded manually by the examiner. No tool was able to carve Skype artifacts from the memory dumps, and none of the tools enabled the examiner to play the voicemail recording. Examiners should perform full and complete testing and validation before using any of these tools (Shafer, Skype Data Experiments).
CONCLUSION
A forensic examination of a Windows computer can reveal the contact information and communication records of a Skype user, but the current Skype forensic tools do not necessarily provide all the artifacts that Skype stores. The answers to those important investigative questions, “who did they know?” and “with whom did they communicate?” may be found in their Skype contacts. Skype’s recording of phone call, message and video call transaction information, such as date, time, and duration, is very much like the pen register data that investigators have come to expect from the phone companies. Important information such as address and banking information can only be found on the Skype servers. The subpoena can be a powerful tool when a subject is a Skype user, and more investigators should make use of this tool to obtain this server data. Records of chat conversations and voicemail records provide the answer to, “what did the subjects say?”
REFERENCES
Baset, Salman and Schulzrinne, Henning. “An Analysis of the Skype Peer-to-Peer Internet Telephony.” 15 September 2004. Columbia University. http://www1.cs.columbia.edu/~library/TR-repository/reports/reports-2004/cucs-039-04.pdf. 1 September 2012.
Belkasoft. “Belkasoft Evidence Center 2012.” 2012. Belkasoft.com. http://forensic.belkasoft.com/en/bec/en/evidence_center.asp. 1 September 2012.
—. Skype Analyzer. 2012. http://home.belkasoft.com/en/bsa/en/Skype_Analyzer.asp. 11 October 2012.
Bunting, Steve. EnCE Computer Forensics: The Official EnCase Certified Examiner Study Guide. Indianapolis, IN: John Wiley & Sons, Inc., 2012. Book.
Dupasquier, Burschka, McLaughlin, and Sezer. “Analysis of information leakage from encrypted Skype conversations.” International Journal of Information Security, Vol. 9 Issue 5 (2010): 313-325. Electronic.
EIU: Economist Intelligence Unit. Essential Internet. New York, NY: EIU: Economist Intelligence Unit, 2003. Printed Book.
Fogt, Robert. http://www.onlineconversion.com/unix_time.htm. 2010. Website. 7 October 2012.
“Forensic Toolkit Lab v3.3.” AccessData Group, LLC, 2011. Software.
Gold, Steve. “Securing VoIP.” Network Security. March 2012: 14-17. Article.
Harvard Law Review. “Criminal Law - Stored Communications Act - Third Circuit Allows Government to Acquire Cell Phone Tracking Data Without Probable Cause. - re The Application of the United States for an Order Directing a Provider of Electronic Communication Service.” Harvard Law Review, 1, Vol: 124 (2011): 1580. Electronic from LexisNexis Academic: Law Reviews.
Honeycutt, Jerry. Microsoft Windows Registry Guide. Redmond, WA: Microsoft Press, 2005. Printed Book.
[email protected]. Skype Communications, Inc. 2012. Email.