Digital Forensics and Cyber Crime. Third International ICST Conference, ICDF2C 2011, Dublin, Ireland, October 26-28, 2011, Revised Selected Papers

Research Article

Yahoo! Messenger Forensics on Windows Vista and Windows 7

Download54 downloads
  • @INPROCEEDINGS{10.1007/978-3-642-35515-8_14,
        author={Matthew Levendoski and Tejashree Datar and Marcus Rogers},
        title={Yahoo! Messenger Forensics on Windows Vista and Windows 7},
        proceedings={Digital Forensics and Cyber Crime. Third International ICST Conference, ICDF2C 2011, Dublin, Ireland, October 26-28, 2011, Revised Selected Papers},
        proceedings_a={ICDF2C},
        year={2012},
        month={12},
        keywords={Yahoo Messenger Instant Messenger Forensics Windows Vista Windows 7},
        doi={10.1007/978-3-642-35515-8_14}
    }
    
  • Matthew Levendoski
    Tejashree Datar
    Marcus Rogers
    Year: 2012
    Yahoo! Messenger Forensics on Windows Vista and Windows 7
    ICDF2C
    Springer
    DOI: 10.1007/978-3-642-35515-8_14
Matthew Levendoski1,*, Tejashree Datar1,*, Marcus Rogers1,*
  • 1: Purdue University
*Contact email: mlevendo@purdue.edu, tdatar@purdue.edu, rogersmk@purdue.edu

Abstract

The purpose of this study is to identify several areas of forensic interest within the Yahoo! Messenger application, which are of forensic significance. This study focuses on new areas of interest within the file structure of Windows Vista and Windows 7. One of the main issues with this topic is that little research has been previously conducted on the new Windows platforms. Previously conducted research indicates the evidence found on older file structures, such as Windows XP, as well as outdated versions of Yahoo! Messenger. Several differences were found within the Yahoo Messenger’s registry keys and directory structure on Windows Vista and Windows 7 as compared to Windows XP.