Structural analysis of the log files of the ICQ client version 2003b

Document Type

Conference Proceeding

Publisher

School of Computer and Information Science, Edith Cowan University

Faculty

Faculty of Computing, Health and Science

School

School of Computer and Information Science

RAS ID

5082

Comments

Morfitt, K. (2006). Structural analysis of the log files of the ICQ client version 2003b. Paper presented at the Proceedings of 4th Australian Digital Forensics Conference.

Abstract

Instant messenger programs can generate log files of user interactions which are of interest to forensic investigators. Some of these log files are in formats from which it is difficult for investigators to extract useful and accurate information. The official ICQ client is one such program. Users' log files are stored in a binary format that is difficult to understand and often changes between client versions. Previous research has documented the format of the log files; however, that research covers only earlier versions of the client. This paper explores the 2003b version of the ICQ client. It documents the analysis process that was undertaken, the files found, much of their structure, and the structure of the records found within. It attempts to provide an accurate and reasonable description of any issues and presents possible solutions to those issues. Finally, a brief conclusion is provided which lists outstanding issues.

DOI

10.4225/75/57b13687c7055

Access Rights

free_to_read
