Forensics Journal - Stevenson University 2013 | Page 72

There are multiple forensic software programs available to decode the Skype data on a Windows computer. Even without these programs, Skype data may be decoded by hand using standard forensic programs. Because none of these programs decode all the data that Skype stores, forensic examiners should decode the additional data, such as account options, by hand.

TABLE 1 SKYPE TOOL TABLE

A weakness in all the tools was the lack of reporting on Skype options and settings, which should be decoded manually by the examiner. No tool was able to carve Skype artifacts from the memory dumps, and none of the tools enabled the examiner to play the voicemail recording. Examiners should perform full and complete testing and validation before using any of these tools (Shafer, Skype Data Experiments).

CONCLUSION
A forensic examination of a Windows computer can reveal the contact information and communication records of a Skype user, but the current Skype forensic tools do not necessarily provide all the artifacts that Skype stores. The answers to those important investigative questions, “who did they know?” and “with whom did they communicate?” may be found in their Skype contacts. Skype’s recording of phone call, message and video call transaction information, such as date, time, and duration, is very much like the pen register data the investigators have come to expect from the phone companies. Important information such as address and banking information can only be found on the Skype servers. The subpoena can be a powerful tool when a subject is a Skype user, and more investigators should make use of this tool to obtain this server data. Records of chat conversations and voicemail records provide the answer to, “what did the subjects say?”