Description


Locates and parses chat records originating from GigaTribe V3 chat-log files.

The script can either treat the entries being parsed as GigaTribe chat-log files or search those entries for chat messages using a keyword search.

If the examiner chooses the first option then any entry being parsed will be checked for the proper chat-log signature, which is currently the characters 'ch' followed by the value 0x0a (stored as a 4-byte Big-Endian integer value) and then the version string '1.0.1'.
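
The signature check described above can be sketched outside EnCase as follows. This is an added Python example, not code from the EnScript; the page does not state how the version string is encoded, so the sketch assumes ASCII or UTF-16BE and accepts either, and the function names and sample entries are constructed for illustration.

```python
import struct

MAGIC = b"ch"
EXPECTED_INT = 0x0A          # stored as a 4-byte big-endian integer
VERSION = "1.0.1"
# Assumption: the page does not give the string encoding, so try both.
ENCODINGS = ("ascii", "utf-16-be")


def check_header(data: bytes):
    """Return (ok, detail) for the leading bytes of a candidate entry."""
    if len(data) < 6:
        return False, "truncated: fewer than 6 header bytes"
    if data[:2] != MAGIC:
        return False, "magic is not 'ch'"
    (value,) = struct.unpack(">I", data[2:6])
    if value != EXPECTED_INT:
        return False, f"integer field is {value:#x}, expected 0xa"
    for enc in ENCODINGS:
        if data[6:].startswith(VERSION.encode(enc)):
            return True, f"version {VERSION} ({enc})"
    return False, "version string is not '1.0.1'"


def triage(entries):
    """Map each entry name to its check_header() result."""
    return {name: check_header(blob) for name, blob in entries.items()}


# Constructed sample entries (not real GigaTribe data).
HEAD = b"ch" + struct.pack(">I", 0x0A)
SAMPLES = {
    "ascii_version": HEAD + b"1.0.1" + b"\x00" * 8,
    "utf16_version": HEAD + "1.0.1".encode("utf-16-be") + b"\x00" * 8,
    "little_endian": b"ch" + struct.pack("<I", 0x0A) + b"1.0.1",
    "other_version": HEAD + b"2.0.0",
    "plain_text": b"chat with bob\r\nhello",
    "truncated": b"ch\x00",
}

if __name__ == "__main__":
    for name, (ok, detail) in triage(SAMPLES).items():
        print(f"{name:14} {'MATCH' if ok else 'skip ':5} {detail}")
```

The rejected samples show why all three fields are checked together: a plain-text file that happens to begin with 'ch' and a header with the integer in the wrong byte order both fail on the integer field rather than being handed to a record parser.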

Keyword searching can be used to search areas such as unallocated clusters but this is much more difficult than parsing a complete chat-file.

The reason for this is that individual chat records don't have a static signature - they consist almost entirely of variable data.

Taking this into account, the script needs to know the IDs of the GigaTribe users that have sent the messages that the examiner is interested in. Without this information, the script would encounter many false hits and most likely crash whilst attempting to parse them.

The requirement to provide the sender ID may prove tricky when trying to locate messages both sent-from and received-by the local user.

It should be fairly easy to identify the GigaTribe ID of the local user by examining his/her GigaTribe Registry settings and then using the script to identify messages that he/she sent; it is the identification of messages sent to the local user that is the difficult bit.

To overcome this problem it may be necessary to run the script once in order to determine the recipient IDs of GigaTribe users to which the local user has sent messages. The script can then be run again using those recipient IDs as sender IDs.

In order to make this process a little easier, the script provides the option of generating a list of unique recipient IDs, which it will gather at the time of processing and write to a note bookmark in the root bookmark folder. This list can be copied and pasted into the sender-ID list-box the next time the script is executed.

Output is by way of bookmarking and a tab-delimited spreadsheet file.

Note that the timestamp of an offline message relates to when that message was received by the GigaTribe server; it is stored as local time and presented as such by the script. At the time of writing, the GigaTribe servers are located in France; the timestamps of offline messages should reflect this.

This script was developed for use in EnCase training. For more details, please click the following link:

Releases

Release: GigaTribe V3 Chat Parser 2.0.0
Date: Aug 1, 2024
Tested with: EnCase Forensic 7.06
Languages: English
