Analysis of DB files based on compound document format

In Internet era, instant messaging software are closely linked with Net users. However, with enormous growth of instant messaging software users, a lot of lawbreakers carry out criminal activities using them as a medium. Then, mining and analyzing the useful clues from raw data left on the computer has become a significant means and research area for investigation and forensics. In this paper, taking Tencent QQ2008, which is China´s most popular instant messaging software, as an example, we firstly deeply research into the information storage structures as well as the data encryption method of QQ Friends List file and QQ Chat Log file whose file suffix known as DB. Based on this, through parsing the DB files, we have obtained comprehensive analysis results of friends list and chat log. Most importantly, an analysis tool has been developed, which proves to be useful for computer investigation and forensics in practical use.