• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 841
  • Last Modified:

Google talk

Has anyone ever had any involvement with forensics on a PC trying to get any chat logs when the user uses google talk messenger? I have used it breifly and I know past chat logs are saved on googles servers, I just wondered if there would be any logs saved locally on the PC where the tool is installed as a general rule, or not likely?

Also, is there any tool to see where such logs may be written to in real time, i.e. a tool to scan what programs are saving what data locally? So its easy to narrow down where?

The PC is Windows XP.I read a few articles on instant messenger foresnics and it didnt sound to promising that there would be much in terms of past log history locally, but you may have more experience then those writing the posts/blog entries.

Or any specific software you would recommend that is useful to carve / recover any local google talk artifacts.

If you are willing, a general "you wont find any gtalk artifacts locally", "you may find some snippets of logs locally but not a comprehensive history of every chat every taken place", "you will find all previous logs going back X months" type view based on your experience most welcome to help determine if its worth paying someone to investigate.
0
pma111
Asked:
pma111
  • 3
  • 2
2 Solutions
 
bill_lynchCommented:
http://www.google.com/talk/chathistory.html

It does appear that these get saved in the google account on their servers...
0
 
Dave HoweCommented:
google talk (as used by gmail) doesn't log anything locally.
however, if you are using pidgin or similar it *can* log locally. so first question is what the user is using to access it.

for local forensic research, usually if you use the sysinternals tool "procmon" (which you can obtain from live.sysinternals.com) it will show each process, registry, file, or network action taken by a program while running.
0
 
pma111Author Commented:
I beleive its just the default google talk software.

"C:\Documents and Settings\removed\Application Data\Google\Google Talk\googletalk.exe"
0
Automating Your MSP Business

The road to profitability.
Delivering superior services is key to ensuring customer satisfaction and the consequent long-term relationships that enable MSPs to lock in predictable, recurring revenue. What's the best way to deliver superior service? One word: automation.

 
Dave HoweCommented:
Ok then, that will *optionally* store a log in the associated gmail account.
It won't log locally.
0
 
pma111Author Commented:
Ok thanks dave. As a general rule is that common for most messenger products. No idea which are the most popular now but msn messenger was always well used. Is there typically little locally in terms of forensic evidence when it comes to instant messenger tools?
0
 
Dave HoweCommented:
typically (with some exceptions, see below), unless the IM does local logging, there is little or no state worth having from the local install. Firewall logs can be more productive (typically the traffic is encrypted, but you can do traffic analysis to show who was using an IM when perhaps they shouldn't have been)

Sometimes local state is held in files that are then deleted when the window is closed - typically in the tmp dir, but sometimes in the local filestore - and skype (by contrast) is a goldmine, with almost all the historic traffic stored in a nice, accessable sqlite db :)
0

Featured Post

2017 Webroot Threat Report

MSPs: Get the facts you need to protect your clients.
The 2017 Webroot Threat Report provides a uniquely insightful global view into the analysis and discoveries made by the Webroot® Threat Intelligence Platform to provide insights on key trends and risks as seen by our users.

  • 3
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now