Artifacts

Posts Tagged ‘VOIP’


ActionVoip – Windows client

Posted by:  /  Tags: ,

Author Name
Mohammed Faiz Quadri
Artifact or Program Version
4.14 (Same may apply on older versions)
Artifact Description
This artifact is for Actionvoip client for Windows.

ActionVoip is a program to make VOIP calls from the a PC or a Smart phone. It is used by thousands of users worldwide to make free/cheap phones calls. It is not mandatory for a user to provide their identity information while making a call. The user ID shown on the receiving phone is usually an “Unknown” number.
Registry Keys

HKU\<<>>\Software\ActionVoip\ActionVoip\Accounts\Password: <<>>


HKU\<<>>\Software\ActionVoip\ActionVoip\Accounts\Username: “<<>>”

HKU\<<>>\Software\ActionVoip\ActionVoip\CallHistory\<<>>\Count: 0x00000002 —> REG_DWORD value showing the number of calls made from the account

HKU\<<>>\Software\ActionVoip\ActionVoip\CallHistory\<<>>\Call_00: “001234567” —> Values showing the phone number dialed

HKU\<<>>\Software\ActionVoip\ActionVoip\CallHistory\<<>>\Call_01: “0012345678” —> Values showing the phone number dialed

HKU\<<>>\Software\ActionVoip\ActionVoip\<<>>\CallerId: CallerIdForCalls —> Caller ID user for making calls

HKU\<<>>\Software\ActionVoip\ActionVoip\<<>>\CallerId: CallerIdForSMS —> Caller ID user for sending SMS
File Locations
C:\Users\mohfa04\AppData\Roaming\ActionVoip\History_<<>>.dat —> History files showing details of the calls made from the account

Sample Data –

TYPE=CALL
NUMBER=00123456789
NAME=
CALLTYPEV2=2
OTHERPARTYTYPE=2
ENDCAUSE=3
ENDCAUSESIP=-1
ENDCAUSESTRING=
ENDLOCATION=4
CALLSTARTTIME=2013-2-23 16:50:20
CONNSTARTTIME=1970-1-1 5:30:0
CALLENDTIME=2013-3-23 16:50:37
CALLENDTIME=2013-3-23 16:50:37
NEWVOICEMAIL=NO
Research Links
actionvoip.com

Forensic Programs of Use
ProcessExplorer
RegShot

Skype

Posted by:  /  Tags: , , , ,  /  Comments: 4

Author Name
Matt

Artifact Name
Skype

Description
Skype is a desktop application that enables voice and video calls, instant messaging, file transfers, and screen sharing between users.

Registry Keys
HKEY_CURRENT_USER\Software\Skype

File Locations
C:\Documents and Settings\[Profile Name]\Application Data\Skype\[Skype User]

C:\Documents and Settings\[Profile Name]\AppData\Roaming\Skype\[Skype User]

Research Links
https://docs.google.com/viewer?url=http://www.lpcforensic.it/public_html/yabbfiles/Attachments/SkypeLogFileAnalysis.pdf

http://nickfurneaux.blogspot.com/2010/03/skype-chat-carver-from-ram-skypeex.html

Subpoena Contact – http://search.org/programs/hightech/isp/default.asp#207

Forensic Programs of Use
Skype Log View – http://www.nirsoft.net/utils/skype_log_view.html

Skype Parser – http://redwolfcomputerforensics.com/index.php?option=com_content&task=view&id=42&Itemid=55

Skype Analyzer – http://belkasoft.com/bsa/en/Skype_Analyzer.asp

SkypeAlyzer – http://www.sandersonforensics.com/content.asp?page=440