Please select a template

EnCase App Central

Extend the power of EnCase. Access, download and install software apps built by expert EnScript developers that help you get down to business – faster.

Become a Developer

Skype Chatsync IP Addresses

Most people are aware of the SQLite databases that Skype uses and the information they contain. Another common file associated with a Skype chat is the 'chatsync' file. This file is a proprietary format and it contains some very useful information, such as the user names of the people in the chat (even group chats). In addition to the usernames of each user, each user's local (LAN) and external (WAN) IP addresses are often recorded in this file. This information can be very useful in helping identify or locating a particular user during a specific time. A chatsync file is generally created for each chat "session'. You can select (blue check) any/all chatsync files in EnCase v6 or 'tag" them with 'chatsync' in EnCase v7 and run the below linked EnScript.

This EnScript will parse out the IP addresses and write them to the console as well as bookmark the artifacts. http://www.forensickb.com/2014/01/encase-enscript-v6-v7-to-parse-skype.html

http://www.Forensickb.com Customized EnCase EnScript development (v6 & v7) Customized Forensic Automation / Workflow Efficiency

Download Now



Version: 1
Tested with:
EnCase Forensic 7.08
Developer: Lance Mueller
Category: Artifact

4159 DOWNLOADS

YOU MAY ALSO LIKE

Artifact

WebCacheV01.dat Internet History Decoder

This EnScript parses Internet history data from WebCacheV01.dat files. This includes the Internet history data generated by the Microsoft Internet Explorer and Edge web-browser programs.
By Simon Key
7449 Downloads
App
Artifact

ShellBags Parser

Parses recent-folder view settings maintained by the Microsoft Windows operating system.
By Simon Key
141 Downloads
App
Artifact

User Assist Registry Value Decoder

Decodes data used by the Microsoft Windows operating system to populate each user's start menu with frequently used applications.
By Simon Key
98 Downloads
App
Artifact

Windows Search Application Data Parser

This script parses data maintained by the Windows search function relating to recently-used applications and documents
By Simon Key
84 Downloads
App