Skip to content
Switch branches/tags

Latest commit


Git stats


Failed to load latest commit information.
Latest commit message
Commit time

IceKitty IceKitty

Digital Artefact Extractor for TeamSpeak3

Developed as part of my B.Sc. (Hons.) Dissertation entitled "Retrieval of Digital Artefacts from TeamSpeak and Discord: A Forensic Investigation and Analysis of the Malicious Use of Gaming Communication Clients"

In citing the use of this tool in any future publications please use the correct citiation "Bryant, O. (2018). Retrieval of Digital Artefacts from TeamSpeak and Discord: A Forensic Investigation and Analysis of the Malicious Use of Gaming Communication Clients."

This script can be used to automate the extraction of localizsed data from the TeamSpeak3 local client databases into a readable CSV format.

The Findings

During the dissertation study a file called "settings.db" was discovered in the AppData\Roaming\TS3Client folder, this database included how many times files had been uploaded and downloaded using the client. The second file found in the same folder called "urls.db" contains a list of URLs clicked on by the client, This information could be very useful for Digital Forensic Analysts conducting cases on Gaming Communication Clients.

Installation Guide

This script has been run and tested with Python3 only, If you do not have a copy of Python3 on your machine please visit and download a fresh copy. In addition the script also requires the third party python package "Another Python SQLite wrapper" also known as "apsw".

Simply run "pip install apsw" to get this package.

User Guide

In order to extract the user settings/urls databases you must have a copy of the settings.db and urls.db file. These can be found at the following folder directory "C:\Users\USERNAME\AppData\Roaming\TS3Client".

Once you have a copy of the file on your local machine you can run this example command.

python3 -u urls.db -o urls.csv

This will generate a CSV of the data found in the urls.db database.

In order to do the same with the settings.db simply switch the arguments from -u to -s, for example

python3 -s settings.db -o settings.csv

To view all the flags available run the -h command.


This tool is for RESEARCH PURPOSES ONLY! I am not responsible for any damages of misuse of this tool. Please use with caution.


This tool is licenced under MIT License.


The "IceKitty" branding is copyright of © Kitty Magician 2018.

With Thanks

I wish to thank the following people and organisations who helped me during my Dissertation.

  • Giri, Chris, Nicki, Peter, Dan, Peter, Clare and Sophie
  • Ms. Georgina Humphries
  • Mr. Danny Webb
  • Dr. Ian Kennedy
  • Canterbury Christ Church University, School of Law, Criminal Justice and Computing
  • AyDesign
  • Thanks also goes out to Discord LLC and TeamSpeak GmBH for providing me permission to conduct my Dissertation on Gaming Communication Clients.


Digital Artefact Extractor for TeamSpeak3








No releases published


No packages published