Blog >> Android ICQ

Investigating Android ICQ

06/09/2024 Friday

ICQ is a cross-platform instant messaging and VoIP client. It is a free messaging application first known in the late 1990s. ICQ was one of the first messaging platforms known on the Internet after its initial release in November 1996, and it continued to be part of the market until its last release in May 2022.

Digital Forensics Value of Android ICQ

ICQ as most of the instant messaging applications; holds significant value in digital forensics. ICQ With its widespread use in the old days and being one of the most adopted options for Instant Messaging, analyzing the artifacts left behind by ICQ can provide valuable insights for forensic investigations. As an integral mode of communication, ICQ's messages, media files, and call records can offer crucial evidence in tracking and uncovering user activities.

Location of Android ICQ Artifacts

Android ICQ artifacts can be found at the following location:
*/0/data/com.icq.mobile.client/databases/app_database.db

Analyzing Android ICQ Artifacts with ArtiFast

This section will discuss how to use ArtiFast to extract Android ICQ artifact from Android devices' files and what kind of digital forensics insights we can gain from the artifact.

After you have created your case and added evidence for the investigation, at the Artifact Selection phase, you can select Android ICQ artifact parsers:

Once ArtiFast parsers plugins complete processing the artifact for analysis, it can be reviewed via “Artifact View” or “Timeline View,” with indexing, filtering, and searching capabilities. Below is a detailed description of Android ICQ artifact in ArtiFast.

Android ICQ Conversations

• Time: The date and time of the entry.
• Last Message Time: The date and time of the last message in the conversation.
• Sender’s Last Message ID: The ID of the sender’s last message in the chat.
• Receiver’s Last Message ID: The ID of the receiver’s last message in the chat.
• Receiver’s Last Message: The receiver’s last message in the chat.
• Sender’s Last Message: The sender’s last message in the chat.
• Is Muted: Indicates whether this chat was muted or not.
• Conversation ID: The ID of the chat.
• Conversation Name: The name of the chat.
• Receiver Phone Number: The receiver’s phone number.
• Member Count: The conversation member count.

Android ICQ Messages

• Time: The date and time the message was sent.
• Message Content: The message body.
• Message ID: The message ID.
• Sender Name: The name of the message sender.
• Sender ID: The user ID of the message sender.
• Conversation ID: The ID of the chat.
• Conversation Name: The name of the chat.
• Message Direction: The message direction whether it was incoming or outgoing.

Android ICQ Calls

• Call Date: The date and time of the call.
• Call Direction: The call direction whether it was incoming or outgoing.
• Participants Names: The names of the participants of the calls.
• Related Message ID: The message ID.
• Receiver Name: The name of the call receiver.
• Call ID: The call ID.
• Conversation ID: The ID of the chat.
• Conversation Name: The name of the chat.
• Call Type: Whether the call was video or audio.
• Status: The status of the call whether received or missed.

Android ICQ Gallery Items

• Send Date: The date and time the item was sent.
• Message Content: The message body.
• Media Caption: The media caption.
• Message ID: The message ID.
• Sender Name: The name of the message sender.
• Sender ID: The user ID of the message sender.
• Media Type: The media type.
• Conversation ID: The ID of the chat.
• Conversation Name: The name of the chat.
• Message Direction: The message direction whether it was incoming or outgoing.

For more information or suggestions please contact: ekrma.elnour@forensafe.com