HOME       POLICIES       SUBMISSION        PEOPLE        ARCHIVES         CONFERENCES        CONTACT

ABSTRACT


For the commercial industry, instant messaging (IM) is very useful software. Cisco’s Jabber is an enterprise IM tool used primarily for intra-company communication. In the past, SQL tools used to identify and analyze these chat threads have had their limitations in the way they display outputs, specifically in regard to the time relating to the chat and the appearance of the output. In this article, the authors conduct forensic examinations of a Cisco Jabber chat thread using three methods of analysis: SQLite Manager, SQLite CLI, and a Python script written by the authors. Their findings suggest that the custom Python script converted the timestamp into a more discernable format and that it removed the HTML format of the message payload making it easier to read and interpret.

KEYWORDS

Instant Messaging, Cisco Jabber, Python, SQLite CLI, SQLite Manager, Forensic Examination.
ARCHIVES
To return to the Volume/Number webpage, click here.
THE INTERNATIONAL JOURNAL OF FORENSIC COMPUTER SCIENCE - IJoFCS

Volume 12, Number 1, pages 27-35, DOI: 10.5769/J201701003 or http://dx.doi.org/10.5769/J201701003


Cisco’s Jabber: A Closer Look with a Python Script


By  Douglas A. Orr, and Michael Reiter



To download this paper, click here.