Portal de Periódicos da CAPES

Forensic artefacts left by Windows Live Messenger 8.0

2007; Elsevier BV; Volume: 4; Issue: 2 Linguagem: Inglês

10.1016/j.diin.2007.06.019

1873-202X

Wouter S. van Dongen,

Internet Traffic Analysis and Secure E-voting

Windows Live Messenger – commonly referred by MSN Messenger – is the most used instant messaging client worldwide, and is mostly used on Microsoft Windows XP. Previous examination into MSN Messenger concludes that few traces reside on the hard disk after MSN usage [Dickson M. An examination into MSN Messenger 7.5 contact identification. Digit Investig 2006;3]. In this article the opposite is concluded based on user settings, contact files and log files. With the use of file signatures and known file structures it is possible to recover useful information when deleted. Programs such as Forensic Box can help to analyse artefacts which are left behind after the use of Windows Live Messenger.