Communication Apps
Communication apps, such as WhatsApp, Signal, Viber, and Skype, are arguably more important than traditional cellphone or landline calls for numerous reasons. The first reason is that it is a lot easier to obtain content from these apps than to obtain a Title III Wiretap. Secondly, the content is so much richer than a traditional call or a text message. For example, consumers will share rich content, while reacting to the comments of others. In other words, you can find group chats that can link individuals and see emoticons and other reactions to messages that demonstrate personalization and behavior.
Skype
Law enforcement today understands that cellular communications generally account for a minority of smartphone communications. In fact, criminal gangs will often prefer using mobile communication apps over traditional cellular calls. Therefore, it is essential to have a good understanding of applications like Skype, Viber, enLegion, and WhatsApp.
Skype is a peer-to-peer (P2P) communication application that facilitates free video, voice, and instant messaging (IM) using a Wi-Fi connection. Skype also allows for file transfer to other Skype contacts and fee-based voice calls to landline phones and cellular phones using VoIP. Skype can be used with Mac computers, personal computers, tablets, smartphones, smart televisions, smart Blu-ray players, and game systems that include Xbox One and Sony’s PS Vita PlayStation.
There are close to 300 million active monthly users worldwide. The company was purchased by Microsoft Corporation in 2011 for $8.5 billion.
Skype Location
Location is important in terms of jurisdiction when conducting an investigation. If the investigation is being conducted in the United States, then having a corporate location in the U.S. is helpful. However, even the presence of a server in the U.S. can enable law enforcement to subpoena that entity.
Skype is headquartered in Luxembourg but also has offices in London (U.K.), Palo Alto (U.S.A.), Tallinn (Estonia), Prague (Czech Republic), Stockholm (Sweden), Moscow (Russia), and Singapore.
Skype Encryption
Instant messages (IM) between the Skype client and the chat service in the Cloud are encrypted using TLS (Transport Layer Security). IMs sent directly between two Skype users are encrypted using AES (Advanced Encryption Standard). Voice messages are encrypted when sent to the recipient. However, when the voice message is downloaded and listened to, it is stored on the client’s computer unencrypted. Skype calls are also encrypted. When the user logs in, Skype will verify the user’s public key using 1536-bit or 2048-bit RSA certificates.
Skype Evidence
The SQLite database file associated with Skype is main.db. The following tables can be found within this SQLite database:
DbMeta
Contacts
Videos
SMSes
CallMembers
ChatMembers
Alerts
Conversations
Participants
VideoMessages
LegacyMessages
Calls
Accounts
Transfers
Voicemails
Chats
Messages
ContactGroups
AppSchemaVersion
MediaDocuments
MessageAnnotations
Translators
tracker_journal
The Registry key associated with Skype is located here:
HKEY_CURRENT_USER\Software\Skype.
On a Windows PC, the file is located here:
%localappdata%\Packages\Microsoft.SkypeApp_kzf8qxf38zg5c\LocalState\<Skype Name>
On a Mac, the file is located here:
~/Library/Application Support/Skype/YourSkypeName/main.db
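An added example (not from the original text or from Skype): a read-only inventory of a main.db working copy that compares the tables present against the list above, counts rows per table, and hashes the file before and after the examination. The database created by `build_sample` is constructed for the demonstration, and its column names are placeholders rather than Skype's schema.

```python
import hashlib, os, pathlib, sqlite3, tempfile

# Table names exactly as listed above for Skype's main.db.
EXPECTED = set("""DbMeta Contacts Videos SMSes CallMembers ChatMembers Alerts
    Conversations Participants VideoMessages LegacyMessages Calls Accounts Transfers
    Voicemails Chats Messages ContactGroups AppSchemaVersion MediaDocuments
    MessageAnnotations Translators tracker_journal""".split())

def sha256(path):
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()

def inventory(path):
    """Return (sha256, {table: rows}, listed tables absent, unlisted tables present)."""
    before = sha256(path)
    # mode=ro refuses writes; immutable=1 tells SQLite the file cannot change, so it takes no locks.
    uri = pathlib.Path(path).resolve().as_uri() + "?mode=ro&immutable=1"
    con = sqlite3.connect(uri, uri=True)
    try:
        names = [r[0] for r in con.execute(
            "SELECT name FROM sqlite_master WHERE type='table'")
            if not r[0].startswith("sqlite_")]  # skip SQLite's internal tables
        counts = {n: con.execute('SELECT COUNT(*) FROM "{}"'.format(
            n.replace('"', '""'))).fetchone()[0] for n in names}
    finally:
        con.close()
    if sha256(path) != before:
        raise RuntimeError("evidence file changed during examination")
    return before, counts, sorted(EXPECTED - set(names)), sorted(set(names) - EXPECTED)

def build_sample(path):
    """Constructed stand-in for main.db; the columns are placeholders, not Skype's schema."""
    con = sqlite3.connect(path)
    con.executescript("""
        CREATE TABLE Messages(id INTEGER PRIMARY KEY, note TEXT);
        CREATE TABLE Contacts(id INTEGER PRIMARY KEY, note TEXT);
        CREATE TABLE scratch(id INTEGER PRIMARY KEY);
        INSERT INTO Messages(note) VALUES ('constructed 1'), ('constructed 2');
        INSERT INTO Contacts(note) VALUES ('constructed');
    """)
    con.close()

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as d:
        build_sample(os.path.join(d, "main.db"))
        print(inventory(os.path.join(d, "main.db")))
```

Run it against a working copy of the evidence, and preserve any main.db-wal or main.db-journal files found next to it, since they can hold records not yet written into main.db.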
Table 10.1 and Table 10.2 display PLists associated with applications that may be of interest to investigators. More information about PLists can be found in Chapter 12, “Mac Forensics”.
Table 10.1 Application PLists

| Application | SQLite File | PList |
|---|---|---|
| Facebook | Friends.sqlite | com.facebook.Facebook.plist |
| LinkedIn | | com.linkedin.LinkedIn.plist |
| Dropbox | Dropbox.sqlite | com.getdropbox.Dropbox.plist |
| Skype | main.db | com.skype.skype.plist |
| Amazon | | com.amazon.Amazon.plist |
| eBay | | com.ebay.iphone.plist |
| Google Maps | MapTiles.sqlitedb | |
| Tinder | Tinder2.sqlite | |
| WhatsApp | ChatStorage.sqlite | net.whatsapp.WhatsApp.plist |
Table 10.2 Apple App .db Files

| Apple App | SQLite File |
|---|---|
| Phone | AddressBook.sqlitedb |
| Calendar | Calendar.sqlitedb |
| Phone | Voicemail.db |
| Phone | Call_history.db |
| Messages | Sms.db |
| Safari | Safari/History.db |
| Maps | Maps/History.plist |
| Siri | ManagedObjects.SQLite |