Forensic artefacts left by Pidgin Messenger 2.0 |
Affiliation: | 1. Department of Radiology and BRIC, University of North Carolina at Chapel Hill, Chapel Hill, NC 27599, USA; 2. College of Computer Science and Technology, Nanjing University of Aeronautics and Astronautics, Nanjing 210016, China; 3. Department of Information Science and Engineering, Chongqing Jiaotong University, Chongqing 400074, China; 4. Department of Radiology, Xuanwu Hospital, Capital Medical University, Beijing 100053, China; 5. Digital Medical Research Center, School of Basic Medical Science, Fudan University, Shanghai 200032, China; 6. Shanghai Key Laboratory of Medical Image Computing and Computer-Assisted Intervention, Shanghai 200032, China; 7. Department of Brain and Cognitive Engineering, Korea University, Seoul 02841, Republic of Korea; 1. Faculty of Information Technology, Brno University of Technology, Czech Republic; 2. Cyber Forensics Research & Education Group, Tagliatela College of Engineering, ECECS, University of New Haven, 300 Boston Post Rd., West Haven, CT, 06516, USA |
Abstract: | Pidgin, formerly known as Gaim, is a multi-protocol instant messaging (IM) client that supports communication on most of the popular IM networks. Pidgin is chiefly popular under Linux, and is available for Windows, BSD and other UNIX versions. This article presents a number of traces that are left behind after the use of Pidgin on Linux, enabling digital investigators to search for and interpret instant messaging activities, including online conversations and file transfers. Specifically, the contents and structures of user settings, log files, contact files and the swap partition are discussed. In addition to looking for such information in active files on a computer, forensic examiners can recover deleted items by searching a hard drive for file signatures and known file structures detailed in this article. |
This article has been indexed by ScienceDirect and other databases! |