Digital Artefact Extractor for TeamSpeak3
Developed as part of my B.Sc. (Hons.) Dissertation entitled "Retrieval of Digital Artefacts from TeamSpeak and Discord: A Forensic Investigation and Analysis of the Malicious Use of Gaming Communication Clients"
In citing the use of this tool in any future publications please use the correct citiation "Bryant, O. (2018). Retrieval of Digital Artefacts from TeamSpeak and Discord: A Forensic Investigation and Analysis of the Malicious Use of Gaming Communication Clients."
This script can be used to automate the extraction of localizsed data from the TeamSpeak3 local client databases into a readable CSV format.
During the dissertation study a file called "settings.db" was discovered in the
AppData\Roaming\TS3Client folder, this database included how many times files had been uploaded and downloaded using the client.
The second file found in the same folder called "urls.db" contains a list of URLs clicked on by the client, This information could be very useful for Digital Forensic Analysts conducting cases on Gaming Communication Clients.
This script has been run and tested with Python3 only, If you do not have a copy of Python3 on your machine please visit python.org and download a fresh copy. In addition the script also requires the third party python package "Another Python SQLite wrapper" also known as "apsw".
"pip install apsw" to get this package.
In order to extract the user settings/urls databases you must have a copy of the settings.db and urls.db file. These can be found at the following folder directory "C:\Users\USERNAME\AppData\Roaming\TS3Client".
Once you have a copy of the file on your local machine you can run this example command.
python3 icekitty.py -u urls.db -o urls.csv
This will generate a CSV of the data found in the urls.db database.
In order to do the same with the settings.db simply switch the arguments from -u to -s, for example
python3 icekitty.py -s settings.db -o settings.csv
To view all the flags available run the -h command.
This tool is for RESEARCH PURPOSES ONLY! I am not responsible for any damages of misuse of this tool. Please use with caution.
This tool is licenced under MIT License.
The "IceKitty" branding is copyright of © Kitty Magician 2018.
I wish to thank the following people and organisations who helped me during my Dissertation.
- Giri, Chris, Nicki, Peter, Dan, Peter, Clare and Sophie
- Ms. Georgina Humphries
- Mr. Danny Webb
- Dr. Ian Kennedy
- Canterbury Christ Church University, School of Law, Criminal Justice and Computing
- Thanks also goes out to Discord LLC and TeamSpeak GmBH for providing me permission to conduct my Dissertation on Gaming Communication Clients.