Skype Forensics - Case Study Example

Summary
This case study, "Skype Forensics", discusses why digital forensics is inevitable in this high-tech world. In recent times, the use of social networking, instant messaging, and web browsing has undergone phenomenal growth, and so has the number of cybercrimes…

Digital forensic

Introduction

The need for digital forensics in this high-tech world is inevitable. In recent times, the use of social networking, instant messaging, and web browsing has undergone phenomenal growth, and so has the number of cyber crimes. Because Voice over Internet Protocol (VoIP) applications are widely available and cheap, they are used extensively by most high-profile companies. Skype is one such application; it allows instant messaging, file transfers, voice and video calls, and screen sharing between users (Wallingford 2006). As mentioned earlier, Skype is no exception to computer crimes like cyber bullying and information theft. So digital forensics has become essential, and is in fact part of the overall security perspective of any computer-based industry, in spite of the various challenges associated with the digital forensic investigation process. The increased use of Skype is resulting in an increased number of cyber crimes, as users take advantage of the anonymity associated with its use. But with the aid of apt digital forensic tools, valuable evidence can be retrieved that reveals the defendant’s activities. This report discusses the tools available to aid the digital forensic investigation process and documents the steps involved in the investigation, along with the challenges that have to be faced during its course.

Discussion

The artifacts collected from a Skype conversation can be analysed with the help of several investigation tools like ‘Skype chat carver’, ‘Belkasoft Evidence Center’, ‘Chat Examiner’, ‘Epilog’, ‘Forensic Assistant’, ‘Internet Evidence Finder’, ‘Skype Extractor’, ‘SkypeAlyzer’, ‘SkypeLogview’, and others (Mikhaylov 2013).
To use the above-mentioned tools in the forensic analysis process, it is very important to know where and how to recover evidence such as calls, messages, contacts, file transfers, and voicemails from a user’s accounts. The steps stated below will help in the evidence recovery process.

The first step is to discover the Skype user directories, which may be found by following the root path shown in the example screenshot (Shaw 2014).

Fig 1: Root Path (Shaw 2014)

There are four users of the Skype application in this example. The file named ‘shared’ is an XML file which contains the main configuration information, such as time of usage, IP address, and other useful information. By exploring the ‘shared’ file, one can retrieve the Unix-style timestamp information (Shaw 2014). Here comes the first challenge. This Unix-style timestamp is displayed in a coded format as a string of numbers, which has to be converted to a readable format. So an investigator has to rely on online Unix time conversion tools to convert the string of numbers to an understandable time format. After the conversion, the Skype conversation time can be discovered. This process is explained with the help of the screenshot shown below.

Fig 2: Conversion (Shaw 2014)

The next major step is to identify the IP address of the system involved in the conversation. This is available in the ‘HostCache’ tag of the ‘shared’ XML file.

Fig 3: Identification of IP address (Shaw 2014)

The hexadecimal value D5C7B3AD9C51 in the above screenshot indicates the IP address. The next challenge is to convert this hexadecimal value to decimal in order to retrieve the IP address in an understandable format. Again, an investigator has to rely on online Unix conversion tools to retrieve the IP address. Other tags in the ‘shared’ file, like ‘UIVersion’ and ‘Language’, denote the Skype version and the language used for communication (Shaw 2014).
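Both conversions described above can be done offline instead of with online tools. The following is an added example, not code from the original study or from Shaw's article; the sample XML layout and the 'timestamp' attribute are constructed assumptions, and reading the last two bytes of the HostCache value as a port number is also an assumption.

```python
import ipaddress
import xml.etree.ElementTree as ET
from datetime import datetime, timezone

# Constructed stand-in for the 'shared' XML file. Only the HostCache tag name
# and the hex value D5C7B3AD9C51 come from the page; the layout, the
# 'timestamp' attribute and its value are assumptions made for this example.
SAMPLE_SHARED_XML = """<config timestamp="1415404800.57">
  <Lib><Connection><HostCache>
    <_1>D5C7B3AD9C51</_1>
  </HostCache></Connection></Lib>
</config>"""


def unix_to_utc(value):
    """Convert a Unix epoch string (optionally fractional) to readable UTC."""
    moment = datetime.fromtimestamp(float(value), tz=timezone.utc)
    return moment.strftime("%Y-%m-%d %H:%M:%S UTC")


def decode_host_entry(hex_value):
    """Decode a 6-byte hex entry: 4 IPv4 octets, then (assumed) a 2-byte port."""
    raw = bytes.fromhex(hex_value.strip())
    if len(raw) != 6:
        raise ValueError(f"expected 6 bytes, got {len(raw)}: {hex_value!r}")
    address = str(ipaddress.IPv4Address(raw[:4]))
    port = int.from_bytes(raw[4:], "big")
    return address, port


def summarize_shared(xml_text):
    """Return the decoded timestamp and host entries from a 'shared' file."""
    root = ET.fromstring(xml_text)
    hosts = []
    for cache in root.iter("HostCache"):
        for entry in cache:
            if entry.text and entry.text.strip():
                hosts.append(decode_host_entry(entry.text))
    return {"last_written": unix_to_utc(root.attrib["timestamp"]), "hosts": hosts}


if __name__ == "__main__":
    print(summarize_shared(SAMPLE_SHARED_XML))
```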
A specific user directory is selected for further analysis, as shown in the screenshot below.

Fig 4: User Directory (Shaw 2014)

A user’s directory contains the chat, call, and voicemail information as data split across several files, and the data have to be combined from multiple sessions and dates (Shaw 2014). For an investigator, unifying the split data to retrieve useful information is the greatest challenge. In such cases tools like Internet Evidence Finder (IEF) can greatly help (Jamie 2014). The file named ‘Chatsync’ contains all the data regarding the history of a particular chat session: who the chat participants are, who initiated the chat, the chat messages and their status, timestamp values, and others (Shaw 2014).

The most important file is ‘Main.db’, which contains the most valuable artifacts, such as the user’s account, calls, messages, group chats, contacts, file transfers, voicemails, and SMS messages. The ‘Main.db’ file contains a table named ‘Accounts’ which allows the investigator to collect information regarding the user’s Skype name, full name, birthday, gender, email address, location data, telephone details, and when the profile was created and last modified (Jamie 2014). This seems to be very significant information for an investigator. But if we critically evaluate the above-mentioned details, there is no confirmation that the information provided by the user is true. Suspects usually have a tendency to create fake profile information, such as a modified gender, wrong telephone numbers, fake email addresses, and so on. Next, the call information is retrieved from the ‘call’ table, which contains information like call type, local user details, and remote user details, as shown in the example screenshot given below (Shaw 2014).
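Because 'Main.db' can be read with any SQLite reader, its tables can also be queried directly from a script. The following is an added example, not code from the original study or its sources: it opens a working copy read-only, checks by hash that the file was not altered, and labels chats with the 'type' values (2 for two participants, 4 for more) that this study reports for 'Main.db'. The 'Chats' table layout and the sample rows are constructed assumptions.

```python
import hashlib
import sqlite3
import tempfile
from datetime import datetime, timezone
from pathlib import Path

CHAT_TYPES = {2: "two participants", 4: "group chat"}  # values given in the study


def build_sample_db(path):
    """Create a constructed stand-in for Main.db (hypothetical minimal schema)."""
    con = sqlite3.connect(path)
    con.executescript("""
        CREATE TABLE Chats (participants TEXT, type INTEGER, timestamp INTEGER);
        INSERT INTO Chats VALUES ('alice bob', 2, 1415404800);
        INSERT INTO Chats VALUES ('alice bob carol', 4, 1415408400);
    """)
    con.close()


def sha256_file(path):
    return hashlib.sha256(Path(path).read_bytes()).hexdigest()


def list_chats(path):
    """Query a working copy read-only; return (participants, kind, UTC time)."""
    before = sha256_file(path)
    # mode=ro refuses writes; immutable=1 also stops SQLite creating side files.
    uri = Path(path).resolve().as_uri() + "?mode=ro&immutable=1"
    con = sqlite3.connect(uri, uri=True)
    try:
        rows = con.execute(
            "SELECT participants, type, timestamp FROM Chats ORDER BY timestamp"
        ).fetchall()
    finally:
        con.close()
    if sha256_file(path) != before:
        raise RuntimeError("evidence copy changed during analysis")
    return [
        (people, CHAT_TYPES.get(kind, f"unknown type {kind}"),
         datetime.fromtimestamp(ts, tz=timezone.utc).strftime("%Y-%m-%d %H:%M:%S UTC"))
        for people, kind, ts in rows
    ]


def demo():
    with tempfile.TemporaryDirectory() as folder:
        path = Path(folder) / "main.db"
        build_sample_db(path)
        return list_chats(path)
```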
Fig 5: Information (Shaw 2014)

Personal Reflections

Defendants use Skype to steal valuable pieces of information from an organization because, in most cases, whenever such a theft occurs, the authorities scrutinize either the suspect’s email or his USB device; a Skype transfer is not an expected or suspected means of information theft. The ‘Main.db’ file contains information regarding file transfers, which is essential for investigating an intellectual property theft. It contains the time and date of the file transfer, sender / receiver information, file name and size, and delivery status. Once transferred, the files are stored in the location shown in the figure below (Jamie 2014).

The chat message information is stored in the ‘Main.db’ and ‘Chat.sync’ files (Jamie 2014). While investigating chat messages, an investigator has to be careful, because the two files contain almost the same information and overlap is possible. Details regarding group chats are also available and can be identified with the help of the ‘type’ field. If there are only two participants in a conversation, the type field is 2, and if there are more than two participants, the type field is 4 (Jamie 2014). So, if the committed crime is related to sending messages, it can be perfectly investigated and the accused can be easily caught with appropriate evidence.

The ‘Main.db’ file contains detailed information about the voicemails sent over Skype. The audio file is located in the ‘voicemail’ table and can be easily read by any SQLite database reader. The audio files are stored in the location shown in the figure below (Jamie 2014). Here comes another challenge for the investigator. It is not possible to replay Skype voicemail conversations outside the Skype application, because Microsoft always stores the audio files in a proprietary format (Jamie 2014).
To sort out this problem, the investigator has to create a Skype account and record a voicemail after logging into that account. Then the recorded voicemail must be replaced with the voicemail that has to be investigated. This way Skype permits the defendant’s voicemail to be played via the investigator’s account (Jamie 2014). This process is really challenging because it consumes a lot of time. Though it consumes a lot of time, the reward may be valuable evidence.

Another challenge faced by an investigator is that, when using tools like Automatic SQLite Carver, some data can be missed, and there is no assurance that all of the data will be retrieved (Mikhaylov 2013). Also, some data at the end of a file may be lost and can never be retrieved.

Another critical issue is that if the committed crime is related to chat messages, threatening voicemails, or even information theft, it can be resolved and the accused can be charged with proper evidence. But Skype is extensively used for video chatting and live conversations. Though the details about the participants of the conversation, along with the time information, are available, what was actually said cannot be recovered as evidence unless the conversation has been recorded. So crimes related to live web chats will always be a challenge for a digital forensic investigator.

Conclusion

According to research conducted by Berkeley scientists, 93% of the information created never leaves the digital domain (Gubanov 2012). So, even if a criminal is clever enough to delete all the digital information related to the crime, he still leaves a definite trace, which becomes strong evidence of the crime he committed. This is where digital forensics plays its role, uncovering the details of even an expertly committed crime. That is, by using key facets of digital forensics, crimes that are committed using tools such as Skype can be found out.
So, proper handling of digital forensic investigations with appropriate tools is indispensable for uncovering the crime and preventing its future occurrence.

References

Gubanov, Y., 2012. Retrieving Digital Evidence: Methods, Techniques and Issues. Available from: http://forensic.belkasoft.com/en/retrieving-digital-evidence-methods-techniques-and-issues (accessed on November 8, 2014)

McQuaid, J., 2013. Skype Forensics: Analyzing Call and Chat Data From Computers and Mobile. Available from: http://cdn2.hubspot.net/hub/209184/file-659618264-pdf/Skype_Forensics_-_Analyzing_Call_and_Chat_Data_From_Computers_and_Mobile_-_Magnet_Forensics.pdf?submissionGuid=b9cefdfd-6996-41c1-b03a-31afa58de3c8 (accessed on November 8, 2014)

Mikhaylov, I., 2013. Extracting Evidence from Destroyed Skype Logs and Cleared SQLite Databases. Available from: http://articles.forensicfocus.com/2013/11/26/extracting-evidence-from-destroyed-skype-logs-and-cleared-sqlite-databases/ (accessed on November 8, 2014)

Mikhaylov, I., 2013. The Automatic Skype Chat Carver v0.0.0.1. Available from: http://www.forensicfocus.com/Forums/viewtopic/t=11223/

Shaw, R., 2014. Skype Forensics. Available from: http://resources.infosecinstitute.com/skype-forensics-2/ (accessed on November 8, 2014)

Wallingford, T., 2006. VoIP applications. Available from: http://www.macworld.com/article/1051658/voip.html (accessed on November 8, 2014)