An Overview of Skype
Skype is an Internet-based instant communication application that allows messaging and calling (both video and voice) between computers, mobile phones and landline phones using VoIP (Voice over Internet Protocol).
Skype uses TLS (Transport Layer Security) to encrypt messages between the user and the chat service, and AES (Advanced Encryption Standard) to encrypt messages sent between two Skype users.
Skype encrypts voice messages over the network; however, those messages are not stored within encrypted files on the recipient computer.
This means that it is not possible to intercept Skype communication as, in theory, only the end users hold the decryption keys for any messages and calls sent to them.
Therefore, an investigation of Skype activity between users requires access to at least one of the devices used to send or receive that communication in order to identify the content of those messages.
Where live video or voice calls are made via Skype, the content of that communication is not normally stored and cannot normally be determined at a later date.
Skype stores the relevant files that are normally involved as part of a forensic investigation within the following locations by default:
Windows versions up to XP
\Documents and Settings\[User Profile]\Application Data\Skype\[Skype User Name]
Windows Vista and later
\Users\[User Profile]\AppData\Roaming\Skype\[Skype User Name]
Linux
\.Skype\[Skype User Name]
Mac OS X
\Users\[User Profile]\Library\Application Support\Skype\[Skype User Name]
Skype Forensics – Main.db File
Skype stores the communication activity, including time/date of calls, messages and the content of those messages within the main.db file.
The main.db file is an SQLite3 database, with the information held in different tables of that file.
The accounts table contains information about the Skype user accounts including the user name, the email address configured with the account, the profile image and full name.
The calls and callsmembers tables contain a record of the calls that have been made and received from the Skype account(s) configured with the application on that device, including the length of time that those calls took place and the identity of the user names involved.
The contacts table contains a record of the user's contacts, including their Skype user names, their display names and any other information associated with the account.
The Skype chat messages are stored within the main.db and within dat files in the chatsync sub-folder of the main directory. These dat files contain the complete conversations, including group and one-to-one chats, and record the user names of the parties and the time/date stamps (in UNIX format).
The transfers table contains information regarding any files that have been transferred between the users of the device and others. This information includes the file name, file size as well as the Skype user name of the sender/recipient and the folder that the file had been stored to.
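As an added illustration (not Athena Forensics' own tooling), the Python sketch below opens a working copy of main.db read-only, reports which of the tables named above are present along with their columns, and lists the transfers table with its timestamp converted to UTC. The table names are taken from this article; the column names, the `starttime` default and the sample values in `make_sample` are constructed assumptions, so check the inventory output against the real file before querying.

```python
import sqlite3
from datetime import datetime, timezone
from pathlib import Path

# Table names as the article gives them; a real file may differ in spelling or case.
TABLES = ("accounts", "calls", "callsmembers", "contacts", "transfers")

def open_readonly(path):
    """Open a working copy of main.db so that no statement can modify it."""
    return sqlite3.connect(Path(path).resolve().as_uri() + "?mode=ro", uri=True)

def inventory(path):
    """Return {table: (row_count, [columns])} for the article's tables that exist."""
    con = open_readonly(path)
    try:
        present = {r[0].lower(): r[0] for r in con.execute(
            "SELECT name FROM sqlite_master WHERE type='table'")}
        found = {}
        for wanted in TABLES:
            if wanted in present:
                cols = [c[1] for c in con.execute(f'PRAGMA table_info("{present[wanted]}")')]
                count = con.execute(f'SELECT COUNT(*) FROM "{present[wanted]}"').fetchone()[0]
                found[wanted] = (count, cols)
        return found
    finally:
        con.close()

def transfers(path, time_col="starttime"):
    """Return transfer rows as dicts, adding time_col rendered as a UTC string."""
    con = open_readonly(path)
    con.row_factory = sqlite3.Row
    try:
        rows = [dict(r) for r in con.execute(f'SELECT * FROM transfers ORDER BY "{time_col}"')]
    finally:
        con.close()
    for row in rows:  # assumes time_col holds Unix epoch seconds
        stamp = datetime.fromtimestamp(int(row[time_col]), tz=timezone.utc)
        row["utc"] = stamp.strftime("%Y-%m-%d %H:%M:%S UTC")
    return rows

def make_sample(path):
    """Build a constructed database; every column name and value here is invented."""
    con = sqlite3.connect(path)
    con.execute("CREATE TABLE accounts (skypename TEXT, fullname TEXT)")
    con.execute("CREATE TABLE transfers (partner_handle TEXT, filename TEXT,"
                " filesize INTEGER, filepath TEXT, starttime INTEGER)")
    con.execute("INSERT INTO transfers VALUES ('example.contact', 'report.pdf',"
                " 20480, 'C:\\Users\\Example\\Downloads', 1388534400)")
    con.commit()
    con.close()
```

Run it against a hashed working copy of the evidence file rather than the original; the `mode=ro` URI makes SQLite reject any write, which the examiner can confirm by attempting one.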