Instant messenger programs such as ICQ are often used by hackers and criminals for illicit purposes, and consequently the log files from such programs are of interest in a forensic investigation. This paper outlines research that has resulted in the development of a tool for the extraction of ICQ log file entries. Detailed reconstruction of data from log files was achieved with a number of different ICQ software packages. The current design has several limitations: timestamp information is not adjusted for the time zone, data could be altered, and conversations must be manually reconstructed. Future research will aim to address these and other limitations as pointed out in this paper.




