A Forensic Log File Extraction Tool for ICQ Instant Messaging Clients

Authors

  • Kim Morfitt
  • Craig Valli
Abstract

Instant messenger programs such as ICQ are often used by hackers and criminals for illicit purposes and consequently the log files from such programs are of interest in a forensic investigation. This paper outlines research that has resulted in the development of a tool for the extraction of ICQ log file entries. Detailed reconstruction of data from log files was achieved with a number of different ICQ software. There are several limitations with the current design including timestamp information not adjusted for the time zone, data could be altered, and conversations must be manually reconstructed. Future research will aim to address these and other limitations as pointed out in this paper.

Similar resources

After Conversation - An Forensic ICQ Logfile Extraction Tool

Instant messenger programs such as ICQ are often used by hackers and criminals for illicit purposes and consequently the logfiles from such programs are of forensic interest. This paper outlines research in progress that has resulted in the development of a tool for the extraction of ICQ logfile entries. Detailed reconstruction of data from logfiles was achieved with a number of different ICQ s...

Forensic Analysis of Communication Records of Web-based Messaging Applications from Physical Memory

Inspection of physical memory allows digital investigators to retrieve evidence otherwise inaccessible when analyzing other storage media. In this paper, we analyze in-memory communication records produced by web-based instant messaging and email applications. Our results show that, in spite of the heterogeneity of data formats specific to each application, communication records can be represen...

ACS Seminar –Instant Messaging: architectures and concepts Instant Messaging: Architectures and Concepts

Instant Messaging (IM) is an Internet-based protocol application that allows one-to-one communication between users employing a variety of devices. [1] Recently, Instant Messaging has already obtained the remarkable success as P2P communication tool. In some places, it already took the place of e-mail as the first choice for long distance communication. In the mobile area, the Short Message Ser...

Investigating America Online Instant Messaging Application: Data Remnants on Windows 8.1 Client Machine

Instant messaging applications (apps) are one potential source of evidence in a criminal investigation or a civil litigation. To ensure the most effective collection of evidence, it is vital for forensic practitioners to possess an up-to-date knowledge about artefacts of forensic interest from various instant messaging apps. Hence, in this chapter, we study America Online Instant Messenger (ver...

Forensic Analysis of Volatile Instant Messaging

Older instant messaging programs typically require some form of installation on the client machine, enabling forensic investigators to find a wealth of evidentiary artifacts. However, this paradigm is shifting as web-based instant messaging becomes more popular. Many traditional messaging clients (e.g., AOL Messenger, Yahoo! and MSN), can now be accessed using only a web browser. This presents ...

Journal title:
  • JDFSL

Volume 1  Issue 

Pages  -

Publication date 2006