Digital Forensic: Skype - Case Study Example

Summary
This case study "Digital Forensic: Skype" discusses various available tools that will aid the digital forensic investigation process, document the steps involved in the investigation process along with the challenges that have to be faced during the course of the investigation process…

Digital forensic

The need for digital forensics in this high-tech world is inevitable. In recent times, the use of social networking, instant messaging, and web browsing has undergone phenomenal growth, and so has the number of cyber crimes. Because Voice over Internet Protocol (VoIP) applications are widely available and cheap, they are used extensively by most high-profile companies. Skype is one such application; it allows instant messaging, file transfers, voice and video calls, and screen sharing between users (Wallingford 2006). As mentioned earlier, Skype is no exception to computer crimes like cyberbullying and information theft. Digital forensics has therefore become essential, and in fact a part of the overall security perspective of any computer-based industry, in spite of the various challenges associated with the digital forensic investigation process. The increased use of Skype is resulting in an increased number of cyber crimes, as users take advantage of the anonymity associated with its use. But with the aid of apt digital forensic tools, valuable evidence can be retrieved that can reveal the defendant’s activities.

This report discusses the various available tools that aid the digital forensic investigation process and documents the steps involved in the investigation, along with the challenges that have to be faced during its course. The artifacts collected from a Skype conversation can be analysed with the help of several investigation tools like ‘Skype chat carver’, ‘Belkasoft Evidence Center’, ‘Chat Examiner’, ‘Epilog’, ‘Forensic Assistant’, ‘Internet Evidence Finder’, ‘Skype Extractor’, ‘SkypeAlyzer’, ‘SkypeLogview’, and others (Mikhaylov 2013). To use these tools in the forensic analysis process, it is very important to know where and how to recover evidence such as calls, messages, contacts, file transfers, and voicemails from a user’s accounts.
The steps stated below will help in the evidence recovery process. The first step is to discover the Skype user directories, which may be found by following the root path shown in the example screenshot (Shaw 2014).

Fig 1: Root Path (Shaw 2014)

There are four users who use the Skype application in this example. The file named ‘shared’ is an XML file which contains the main configuration information, such as time of usage, IP address, and other useful information. By exploring the ‘shared’ file, one can retrieve the Unix-style timestamp information (Shaw 2014). Here comes the first challenge. This Unix-style timestamp is displayed in a coded format as a string of numbers, which has to be converted to a readable format. So, an investigator has to rely on online Unix time conversion tools to convert the string of numbers to an understandable time format. Once the conversion is complete, the Skype conversation time can be discovered. This process is illustrated in the screenshot below.

Fig 2: Conversion (Shaw 2014)

The next major step is to identify the IP address of the system involved in the conversation. This is available in the ‘HostCache’ tag of the ‘shared’ XML file.

Fig 3: Identification of IP address (Shaw 2014)

The hexadecimal value D5C7B3AD9C51 in the above screenshot indicates the IP address. The next challenge is to convert this hexadecimal value to decimal in order to retrieve the IP address in an understandable format. Again, an investigator has to rely on online Unix conversion tools to retrieve the IP address. Other tags in the ‘shared’ file, such as ‘UIVersion’ and ‘Language’, denote the Skype version and the language used for communication (Shaw 2014). A specific user directory is selected for further analysis, as shown in the screenshot below.
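The two conversions described above can also be done offline, without pasting evidence values into a web page; the following Python is an added example, not code from the essay or from Shaw (2014). The XML fragment is constructed, its nesting, the LastUsed element and the version string are assumptions, and reading the last two bytes of the hexadecimal value as a port number is an interpretation the text does not state.

```python
import ipaddress
import xml.etree.ElementTree as ET
from datetime import datetime, timezone

# Constructed fragment: only the tag names HostCache, UIVersion and Language
# come from the text; the nesting and the LastUsed element are assumptions.
SAMPLE_SHARED = """<config>
  <UI><UIVersion>6.18.0.106</UIVersion><Language>en</Language></UI>
  <LastUsed>1415404800</LastUsed>
  <HostCache>D5C7B3AD9C51</HostCache>
</config>"""


def unix_to_utc(value):
    """Convert a Unix timestamp (seconds since 1970-01-01 UTC) to ISO 8601."""
    return datetime.fromtimestamp(int(value), tz=timezone.utc).isoformat()


def decode_endpoint(hex_value):
    """Decode 6 bytes of hex as a 4-byte IPv4 address plus a 2-byte port.

    Treating the trailing two bytes as a big-endian port is an assumption.
    """
    raw = bytes.fromhex(hex_value.strip())
    if len(raw) != 6:
        raise ValueError(f"expected 6 bytes, got {len(raw)}")
    return str(ipaddress.IPv4Address(raw[:4])), int.from_bytes(raw[4:], "big")


def summarize_shared(xml_text):
    """Pull the fields discussed in the text out of a 'shared' XML document."""
    root = ET.fromstring(xml_text)
    ip, port = decode_endpoint(root.findtext(".//HostCache"))
    return {
        "version": root.findtext(".//UIVersion"),
        "language": root.findtext(".//Language"),
        "last_used_utc": unix_to_utc(root.findtext(".//LastUsed")),
        "peer_ip": ip,
        "peer_port": port,
    }


if __name__ == "__main__":
    for key, value in summarize_shared(SAMPLE_SHARED).items():
        print(f"{key}: {value}")
```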
Fig 4: User Directory (Shaw 2014)

A user’s directory contains the chat, call, and voicemail information as data split across several files, and the data have to be combined from multiple sessions and dates (Shaw 2014). For an investigator, unifying the split data to retrieve useful information is the greatest challenge. In such cases, tools like Internet Evidence Finder (IEF) can greatly help (Jamie 2014). The file named ‘Chatsync’ contains all the data regarding the history of a particular chat session, such as who the chat participants are, who initiated the chat, the chat messages and their status, timestamp values, and others (Shaw 2014).

The most important file is ‘Main.db’, which contains the most valuable artifacts: the user’s account, calls, messages, group chats, contacts, file transfers, voicemails, and SMS messages. The ‘Main.db’ file contains a table named ‘Accounts’ which allows the investigator to collect information regarding the user’s Skype name, full name, birthday, gender, email address, location data, telephone details, and when the profile was created and last modified (Jamie 2014). This seems to be very significant information for an investigator. But if we critically evaluate these details, there is no confirmation that the information provided by the user is true. Suspects usually have a tendency to create fake profile information, such as a modified gender, wrong telephone numbers, fake email addresses, and so on.

Next, the call information is retrieved from the ‘call’ table, which contains information like call type, local user details, and remote user details, as shown in the example screenshot given below (Shaw 2014).

Fig 5: Information (Shaw 2014)

Defendants use Skype to steal valuable information from an organization because, in most cases, whenever such a theft occurs the authorities scrutinize either the suspect’s email or his USB device; a Skype transfer is not an expected or suspected means of information theft.
The ‘Main.db’ file contains information regarding file transfers, which is essential when investigating an intellectual property theft. It contains information regarding the time and date of the file transfer, sender and receiver information, file name and size, and delivery status. Once transferred, the files are stored in the location shown in the figure below (Jamie 2014).

The chat message information is stored in the ‘Main.db’ and ‘Chat.sync’ files (Jamie 2014). While investigating chat messages, an investigator has to be careful, because the two files contain almost the same information and overlap is possible. Details regarding group chats are also available and can be identified with the help of the ‘type’ field. If there are only two participants in a conversation, the type field is 2, and if there are more than two participants, the type field is 4 (Jamie 2014). So, if the committed crime is related to sending messages, it can be perfectly investigated and the accused can be easily caught with appropriate evidence.

The ‘Main.db’ file contains detailed information about the voicemails sent over Skype. The audio file is located in the ‘voicemail’ table and can be easily read by any SQLite database reader. The audio files are stored in the location shown in the figure below (Jamie 2014). Here comes another challenge for the investigator. It is not possible to replay Skype voicemail conversations outside the Skype application, because Microsoft always stores the audio files in a proprietary format (Jamie 2014). To solve this problem, the investigator has to create a Skype account and record a voicemail after logging into his account. Then the recorded voicemail must be replaced with the voicemail that has to be investigated. This way, Skype permits the defendant’s voicemail to be played via the investigator’s account (Jamie 2014). This process is really challenging because it consumes a lot of time.
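The chat, message and file-transfer records described above can be combined into a single timeline with any SQLite reader; the following Python is an added example, not code from the essay or its sources. It runs against a constructed in-memory database, and the table and column names are assumptions modelled on the description; only the ‘type’ values 2 and 4 come from the text.

```python
import sqlite3
from datetime import datetime, timezone

CHAT_TYPES = {2: "one-to-one", 4: "group"}  # 'type' values given in the text


def build_sample_db():
    """Constructed stand-in for Main.db; table and column names are assumptions."""
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE Chats (name TEXT, type INTEGER);
        CREATE TABLE Messages (chatname TEXT, author TEXT,
                               timestamp INTEGER, body_xml TEXT);
        CREATE TABLE Transfers (partner_handle TEXT, filename TEXT,
                                filesize INTEGER, starttime INTEGER);
        INSERT INTO Chats VALUES ('#alice/$bob', 2), ('#alice/$team', 4);
        INSERT INTO Messages VALUES
            ('#alice/$bob', 'alice', 1415404800, 'sending the file now'),
            ('#alice/$team', 'carol', 1415404920, 'meeting at 10');
        INSERT INTO Transfers VALUES ('bob', 'design.pdf', 482133, 1415404860);
    """)
    return db


def utc(ts):
    """Render a Unix timestamp as a UTC date and time."""
    return datetime.fromtimestamp(ts, tz=timezone.utc).strftime("%Y-%m-%d %H:%M:%S")


def timeline(db):
    """Merge messages and file transfers into one chronological list."""
    rows = db.execute("""
        SELECT m.timestamp, 'message', m.author, c.type, m.body_xml
          FROM Messages m JOIN Chats c ON c.name = m.chatname
        UNION ALL
        SELECT starttime, 'transfer', partner_handle, NULL,
               filename || ' (' || filesize || ' bytes)'
          FROM Transfers
        ORDER BY 1
    """).fetchall()
    # Transfers carry no chat type, so they are shown with "-".
    return [(utc(ts), kind, who, CHAT_TYPES.get(ctype, "-"), detail)
            for ts, kind, who, ctype, detail in rows]


if __name__ == "__main__":
    for event in timeline(build_sample_db()):
        print(" | ".join(event))
```

Against real evidence, open a working copy of the database read-only, for example with sqlite3.connect('file:main.db?mode=ro', uri=True), so the query cannot alter the file.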
Although the voicemail replacement procedure consumes a lot of time, the reward may be valuable evidence.

There are other challenges for an investigator. When using tools like Automatic SQLite Carver, some data can be missed, and there is no assurance that all of the data will be retrieved (Mikhaylov 2013). Some data at the end of a file may also be lost and can never be retrieved. Another critical issue is this: if the committed crime is related to chat messages, threatening voicemails, or even information theft, it can be resolved and the accused can be charged with proper evidence. But Skype is extensively used for video chatting and live conversations. Though details about the participants of a conversation and its time information are available, what was actually said cannot be recovered as evidence unless the conversation has been recorded. So, crimes related to live web chats will always be a challenge for a digital forensic investigator.

According to research conducted by Berkeley scientists, 93% of the information created never leaves the digital domain (Gubanov 2012). So, even if a criminal is clever enough to delete all the digital information related to the crime, he still leaves a definite trace, which becomes strong evidence of the crime he committed. This is the role of digital forensics, which uncovers the details of even an expertly committed crime. Proper handling of digital forensic investigations with appropriate tools is indispensable for uncovering a crime and preventing its future occurrence.

References

Gubanov, Y., 2012. Retrieving Digital Evidence: Methods, Techniques and Issues. Available from: http://forensic.belkasoft.com/en/retrieving-digital-evidence-methods-techniques-and-issues (accessed on November 8, 2014)

McQuaid, J., 2013. Skype Forensics: Analyzing Call and Chat Data From Computers and Mobile. Available from: http://cdn2.hubspot.net/hub/209184/file-659618264-pdf/Skype_Forensics_-_Analyzing_Call_and_Chat_Data_From_Computers_and_Mobile_-_Magnet_Forensics.pdf?submissionGuid=b9cefdfd-6996-41c1-b03a-31afa58de3c8 (accessed on November 8, 2014)

Mikhaylov, I., 2013. Extracting Evidence from Destroyed Skype Logs and Cleared SQLite Databases. Available from: http://articles.forensicfocus.com/2013/11/26/extracting-evidence-from-destroyed-skype-logs-and-cleared-sqlite-databases/ (accessed on November 8, 2014)

Mikhaylov, I., 2013. The Automatic Skype Chat Carver v0.0.0.1. Available from: http://www.forensicfocus.com/Forums/viewtopic/t=11223/

Shaw, R., 2014. Skype Forensics. Available from: http://resources.infosecinstitute.com/skype-forensics-2/ (accessed on November 8, 2014)

Wallingford, T., 2006. VoIP applications. Available from: http://www.macworld.com/article/1051658/voip.html (accessed on November 8, 2014)
Digital forensic Coursework Example | Topics and Well Written Essays - 1500 words - 1. Retrieved from https://studentshare.org/information-technology/1664701-digital-forensic