Instant messenger programs such as ICQ are often used by hackers and criminals for illicit purposes and consequently the log files from such programs are of interest in a forensic investigation. This paper outlines research that has resulted in the development of a tool for the extraction of ICQ log file entries. Detailed reconstruction of data from log files was achieved with a number of different ICQ software. There are several limitations with the current design including timestamp information not adjusted for the time zone, data could be altered, and conversations must be manually reconstructed. Future research will aim to address these and other limitations as pointed out in this paper.
Anonymous. (2002) Computer-aided crime faces computer-aided forensics. Last Update September 18, 2002, Retrieved 16th April, 2005, from http://www.info.gov.hk/gia/general/200209/18/0918158.htm
Hitu. (2002). IcqHR (Version 1.8).
Mosnews. (2005), U.S. Cyber-Crime Unit Focuses on Russian Hackers. Retrieved 14th April, 2005, from http://www.mosnews.com/news/2005/04/05/compcrime.shtml
Poulsen, K. (2005), Hacker penetrates T- Mobile Systems, Retrieved 14th April, 2005, from http://www.crimeresearch.org/news/12.01.2005/892/
Soeder, D. (2000), Icqnewdb.txt. Last Update 19th April, 2000, Retrieved April 6, 2005
Strickz. (2002), ICQ Db Specs. Last Updated 8th July, 2002, Retrieved April 5, 2005, from http://cvs.sourceforge.net/viewcvs.py/mirandaicq/Plugins/import/docs/import-ICQ_Db_Specs.txt
Morfitt, Kim and Valli, Craig
"A Forensic Log File Extraction Tool for ICQ Instant Messaging Clients,"
Journal of Digital Forensics, Security and Law: Vol. 1
, Article 4.
Available at: http://commons.erau.edu/jdfsl/vol1/iss3/4