Yahoo! Messenger Forensics on Windows Vista and Windows 7
Authors
Abstract
The purpose of this study is to indicate several areas of interest within the Yahoo! Messenger application that are of forensic significance. This study will mainly focus on new areas of interest within the file structure of Windows Vista and Windows 7. One of the main issues with this topic is that little research has been previously conducted on the new Windows platforms. The previously conducted research indicates evidence found on older file structures, such as Windows XP, as well as outdated versions of Yahoo! Messenger.

Yahoo! Registry at a Glance

| File Location | Description | Windows Vista | Windows 7 |
|---|---|---|---|
| HKEY_CURRENT_USER\Software\Yahoo\Pager | Gives the Yahoo ID of the user | Yahoo user id | Yahoo user id |
| HKEY_CURRENT_USER\Software\Yahoo\Pager | Gives the installed version of Yahoo Messenger | Yahoo version | Yahoo version |
| HKEY_CURRENT_USER\Software\Yahoo\Pager | Gives the version revisions of Yahoo Messenger | Yahoo version revisions | Yahoo version revisions |
| HKEY_CURRENT_USER\Software\Yahoo\Pager | Shows if the password is saved | Saved password | Saved password |
| HKEY_CURRENT_USER\Software\Yahoo\Pager | Shows if auto sign in for Yahoo Messenger is turned on or off | Auto sign in | Auto sign in |
| HKEY_CURRENT_USER\Software\Yahoo\Pager | Shows the number of allowed P2P users | P2P count | |
| HKEY_CURRENT_USER\Software\Yahoo\Pager\profiles\profile_name\chat | Gives the last selected chat room category | Chat | Chat |
| HKEY_CURRENT_USER\Software\Yahoo\Pager\profiles\profile_name\chat\favorite rooms | Gives the list of saved favorite rooms for the user | Favorite Room | Favorite Room |
| HKEY_CURRENT_USER\Software\Yahoo\Pager\profiles\profile_name\FT | Gives the last saved location of a received file and the last sent location of a transferred file | FT | FT |
| HKEY_CURRENT_USER\Software\Yahoo\Pager\profiles\profile_name\FriendIcons | Gives the icon that the user has set for himself/herself that is displayed to the user's friends | FriendIcons | FriendIcons |
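The following PowerShell script is an added example, not part of the paper, that walks the registry locations in the table above and dumps every value under them. The paper lists the keys but not the exact value names, so the script enumerates all values rather than querying named ones; the -Root parameter and the hive alias "Suspect" are assumptions for the case where an examiner has loaded an acquired NTUSER.DAT with reg load instead of reading the live HKCU.

```powershell
# Added example (not from the paper): enumerate the Yahoo! Messenger registry
# keys from the "Yahoo! Registry at a Glance" table and list every value found.
# -Root defaults to the live user hive; for an acquired hive, first run e.g.
#   reg load HKU\Suspect C:\Evidence\NTUSER.DAT      (path is a placeholder)
# and then pass -Root 'Registry::HKEY_USERS\Suspect'.
param(
    [string]$Root = 'HKCU:'
)

$pager = Join-Path $Root 'Software\Yahoo\Pager'
# Per-profile subkeys named in the table; profile_name is enumerated, not guessed.
$profileSubkeys = @('chat', 'chat\favorite rooms', 'FT', 'FriendIcons')

function Show-RegistryKeyValues {
    param([string]$Path)
    if (-not (Test-Path -LiteralPath $Path)) {
        Write-Output "[missing] $Path"
        return
    }
    Write-Output "[key] $Path"
    $key = Get-Item -LiteralPath $Path
    foreach ($name in $key.GetValueNames()) {
        $kind  = $key.GetValueKind($name)
        $value = $key.GetValue($name)
        # Render REG_BINARY data as hex so it survives in a report
        if ($value -is [byte[]]) {
            $value = ($value | ForEach-Object { $_.ToString('x2') }) -join ''
        }
        $label = if ($name -eq '') { '(Default)' } else { $name }
        Write-Output ("    {0,-30} {1,-10} {2}" -f $label, $kind, $value)
    }
}

# Account-level artefacts: Yahoo ID, version, saved password flag, auto sign-in, P2P count
Show-RegistryKeyValues $pager

# Per-profile artefacts: one subtree per Yahoo ID under ...\Pager\profiles
$profiles = Join-Path $pager 'profiles'
if (Test-Path -LiteralPath $profiles) {
    foreach ($profile in Get-ChildItem -LiteralPath $profiles) {
        foreach ($sub in $profileSubkeys) {
            Show-RegistryKeyValues (Join-Path $profile.PSPath $sub)
        }
    }
} else {
    Write-Output "[missing] $profiles"
}
```

Run it against a loaded hive rather than the live system when working from an image, and unload the hive afterwards with reg unload so the evidence copy is not modified.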
Similar resources
Cyber Dumpster-Diving: $Recycle.Bin Forensics for Windows 7 and Windows Vista
Analysis of deleted files often provides useful information for the forensic computer examiner. Knowing where to find the deleted files, and how to interpret the metadata associated with the file’s deletion, make up the cornerstone of a successful forensic computer examination. Much like an office trash-can, the Microsoft Windows Recycle Bin is a temporary holding container for files that have ...
Acquisition of Network Connection Status Information from Physical Memory on Windows Vista Operating System
A method to extract network connection status information from physical memory on the Windows Vista operating system is proposed. Using this method, a forensic examiner can accurately extract current TCP/IP network connection information, including the IDs of the processes which established the connections, the establishing time, local address, local port, remote address, remote p...
Implementing Boot Control for Windows Vista
A digital forensic logging system must prevent the booting of unauthorized programs and the modification of evidence. Our previous research developed Dig-Force2, a boot control system for Windows XP platforms that employs API hooking and a trusted platform module. However, Dig-Force2 cannot be used for Windows Vista systems because the hooked API cannot monitor booting programs in user accounts...