For the commercial industry, instant messaging (IM) is very useful software. Cisco’s Jabber is an enterprise IM tool used primarily for intra-company communication. In the past, SQL tools used to identify and analyze these chat threads have had their limitations in the way they display outputs, specifically in regard to the time relating to the chat and the appearance of the output. In this article, the authors conduct forensic examinations of a Cisco Jabber chat thread using three methods of analysis: SQLite Manager, SQLite CLI, and a Python script written by the authors. Their findings suggest that the custom Python script converted the timestamp into a more discernable format and that it removed the HTML format of the message payload making it easier to read and interpret.
Instant Messaging, Cisco Jabber, Python, SQLite CLI, SQLite Manager, Forensic Examination.
To return to the Volume/Number webpage, click here.
THE INTERNATIONAL JOURNAL OF FORENSIC COMPUTER SCIENCE - IJoFCS
Volume 12, Number 1, pages 27-35, DOI: 10.5769/J201701003 or http://dx.doi.org/10.5769/J201701003
Cisco’s Jabber: A Closer Look with a Python Script
By Douglas A. Orr, and Michael Reiter
To download this paper, click here.