Viber PC is a Japanese corporation Rakuten's that provides cross-platform voice-over IP (VoIP) and instant messaging (IM) web service. Viber PC allows users to send any kind of message such as text, video, contact info, and audio, and to exchange and share data with other users. In addition to that, Viber PC is available on Windows, macOS, Linux, Android, and iOS devices.
In Viber PC artifacts provide information about phone/video calls, messages, and the application configuration data. Viber stores chats on devices members. New chat messages are stored in the Viber cloud and can be retrieved from there. This information is critical during the forensic analysis process as it helps us understand the types of artifacts that are likely to remain for digital forensics investigators.
In Windows 10 Viber PC artifacts are located at C:\Users\username\AppData\Roaming\ViberPC
Viber PC artifacts are found in three SQLite databases: config.db which contains information about the ac-counts settings, data.db which contains the auxiliary data, and viber.db which contains information about Viber messages, calls, and contacts.
This section will discuss how to use ArtiFast Windows to extract Viber PC artifacts from Windows machines and what kind of digital forensics insight we can gain from the artifacts.
After you have created your case and added evidence for the investigation, at the Artifact Parser Selection Phase, you can select Viber PC artifacts:
Once ArtiFast parser plugins complete processing the artifact for analysis, it can be reviewed via “Artifact View” or “Timeline View,” with indexing, filtering, and searching capabilities. Below is a detailed description of Viber PC artifacts in ArtiFast software.
Viber PC Calls Artifact
Viber PC Chats Artifact
Viber PC Settings Artifact