This article describes common approaches used for the recovery of cleared Skype histories and deleted chat logs, and discusses methods and techniques for recovering evidence from cleared and damaged SQLite databases.

It is difficult to overestimate the popularity of Skype. Hundreds of millions of people use Skype every day, generating a lot of potential evidence. Recent versions of Skype use SQLite databases to keep all history items. Chat logs, information about voice calls made and received, and a lot of other information is available in these SQLite databases. Accessing and analyzing this evidence is essential for many investigations involving a seized PC.

At this time, there are lots of tools that can be used to view and analyze SQLite databases. These tools range from freeware utilities to fully featured and highly expensive forensic suites. While viewing records in an existing, healthy SQLite database is not a big deal, performing a forensic analysis of such a database has quite different requirements. Suspects may and do destroy evidence by clearing chat histories and/or physically deleting Skype logs. At this point, only dedicated forensic tools can still be used to recover deleted databases and extract evidence from cleared Skype logs. In this article, we’ll look at tools, methods and techniques used by forensic specialists to handle evidence contained in cleared Skype histories and deleted SQLite databases, particularly those located on formatted or repartitioned hard drives or discovered in the computer’s volatile memory.

How Skype Stores History Logs

Before we begin analyzing Skype databases, let’s have a brief look at how Skype keeps its records. Skype maintains a main database in a file named “main.db”.
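
A deleted SQLite database such as main.db still begins with the fixed SQLite 3 file header, so a usual first step on a raw disk image or memory dump is to scan for that signature and validate the header fields before trusting a hit. The sketch below is an added example, not code from the original article or from any forensic product; the function names, the `demo` table and the sample image are constructed for illustration.

```python
import os, sqlite3, struct, tempfile

MAGIC = b"SQLite format 3\x00"  # 16-byte signature that starts every SQLite 3 file
HEADER_LEN = 100

def parse_header(buf, off):
    """Validate a candidate header at off; return a dict, or None for a false hit."""
    hdr = buf[off:off + HEADER_LEN]
    if len(hdr) < HEADER_LEN:
        return None
    (page_size,) = struct.unpack(">H", hdr[16:18])
    page_size = 65536 if page_size == 1 else page_size
    if page_size < 512 or page_size & (page_size - 1):
        return None  # page size must be a power of two, 512..65536
    if hdr[18] not in (1, 2) or hdr[19] not in (1, 2):
        return None  # file-format write/read version bytes
    if hdr[21:24] != bytes((64, 32, 32)):
        return None  # payload-fraction bytes are fixed constants
    change_counter, page_count = struct.unpack(">II", hdr[24:32])
    (valid_for,) = struct.unpack(">I", hdr[92:96])
    # The in-header page count is reliable only if it is non-zero and the
    # change counter equals the "version-valid-for" field.
    known = page_count > 0 and change_counter == valid_for
    return {"offset": off, "page_size": page_size,
            "size": page_size * page_count if known else None}

def carve(buf):
    """Return every plausible SQLite header found in a raw image or memory dump."""
    hits, pos = [], buf.find(MAGIC)
    while pos != -1:
        info = parse_header(buf, pos)
        if info:
            end = pos + (info["size"] or 0)
            info["complete"] = info["size"] is not None and end <= len(buf)
            hits.append(info)
        pos = buf.find(MAGIC, pos + 1)
    return hits

def make_sample_image():
    """Constructed image: junk, a real database, a bare signature, a truncated copy."""
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "main.db")
        con = sqlite3.connect(path)
        con.executescript("CREATE TABLE demo (id INTEGER PRIMARY KEY, body TEXT);"
                          "INSERT INTO demo (body) VALUES ('constructed row');")
        con.close()
        with open(path, "rb") as fh:
            db = fh.read()
    return db, b"\xAA" * 777 + db + b"\x00" * 333 + MAGIC + b"\x00" * 100 + db[:300]
```

A hit with `complete` set to `False` means the header is valid but the expected length runs past the end of the buffer, so the tail is missing or stored elsewhere. Contiguous carving like this does not reassemble fragmented files.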