School of Computer and Information Science, Edith Cowan University, Perth, Western Australia
Instant messenger programs can generate log files of user interactions which are of interest to forensic investigators. Some of the log files are in formats that are difficult for investigators to extract useful and accurate information from. The official ICQ client is one such program. Users log files are stored in a binary format that is difficult to understand and often changes with different client versions. Previous research has been performed that documents the format of the log files, however this research only covers earlier versions of the client. This paper explores the 2003b version of the ICQ client. It documents the analysis process that was undertaken, the files found, much of their structure, and the structure of the records found within. It attempts to provide an accurate and reasonable description of any issues and presents possible solutions to those issues. Finally a brief conclusion is provided which lists outstanding issues.