Skype synchronizes chats, text messages and files sent and received with the Microsoft Account backend. Accessing Skype conversation histories by performing a forensic analysis of the user’s Microsoft Account is often the fastest and easiest way to obtain valuable evidence. Learn how to use Elcomsoft Phone Breaker to quickly extract the complete conversation histories along with attachments and metadata from the user’s Microsoft Account.
With over 1.55 billion accounts and more than 420 million daily users, Skype is one of the world’s biggest instant messaging apps. While there is no lack of competition in the highly crowded market of instant messaging apps, Skype maintains its user base. This feature-rich app is available for all relevant platforms, and is actively developed and frequently updated by Microsoft. Skype is secure (enough) while maintaining transparency to law enforcement, which makes Skype the only allowed VoIP communication app in countries such as the UAE. The free Skype-to-phone calls included with all Microsoft Office 365 subscriptions help Skype gain popularity among corporate and small office users, while integration with Alexa and Cortana voice assistants makes Skype the tool of choice for voice calls.
Skype conversations are automatically synced with the back end along with attachments. While text chats are stored on Microsoft servers indefinitely or until manually deleted by the user, attachments are only kept for a maximum of 30 days. After the 30-day retention period, any files users sent or received are automatically purged from the server and are no longer accessible. However, Microsoft still retains information about these files (the metadata), allowing experts to find out the name and type of attachments, file sizes, as well as the date and time.
Having said that, one can use Microsoft’s own tool to request and view Skype data from the account. However, information returned by Microsoft’s tool lacks certain data about the chats and files that have been either deleted by the user or purged from Microsoft servers as a space-saving measure. This is why we developed the tools to extract and view all Skype-related information available in the user’s Microsoft Account.
We have exactly two tools to be used in connection with Skype data. First, there is Elcomsoft Phone Breaker, a tool to download Skype conversation histories from Microsoft servers. You would then use Elcomsoft Phone Viewer to browse through and analyze the downloaded data.
Available information
We download Skype conversation histories, messages, media files, contact lists and metadata directly from the user’s Microsoft Account.
What is required to download Skype data?
In order to access this information, full authentication credentials are required including the user’s Microsoft ID (typically, their Hotmail.com, Live.com or Outlook.com email address), password, and the second authentication factor if two-factor authentication is enabled.
Skype metadata
In addition to existing data, Elcomsoft Phone Breaker can extract so-called Skype metadata. Skype metadata gives experts insight into data that is no longer stored on Microsoft servers. Users can delete chats and conversations, and they will be gone from the server. Files sent and received in Skype are automatically purged from Microsoft servers after the 30-day retention period. Traces left behind by these deleted chats and purged files are called metadata. Skype metadata includes information such as the date and time, size, file name, sender, and chat name.
In order to download Skype data, you’ll need Elcomsoft Phone Breaker 9.40 or newer.
In order to view the data you have just downloaded, use Elcomsoft Phone Viewer 4.20 or newer.
Gain full access to information stored in FileVault 2 containers, iOS, Apple iCloud and Windows Phone devices! Download device backups from Apple iCloud and Microsoft OneDrive servers. Use Apple ID and password or extract binary authentication tokens from computers, hard drives and forensic disk images to download iCloud data without a password. Decrypt iOS backups with GPU-accelerated password recovery.
Elcomsoft Phone Viewer is a fast, lightweight forensic viewer for quickly accessing information extracted from mobile backups. Supporting a variety of platforms and data formats, the tool can display information extracted from local and cloud iOS backups and Microsoft Accounts. Password-protected iTunes backups can be automatically decrypted and analyzed without using third-party tools.