We present three case studies to illustrate a methodology for conducting forensics investigation on Microsoft Skype for Business. The proposed methodology helps to retrieve information on chat and audio communications made by any account who accessed the PC, to retrieve IP addresses and communication routes for all the participants of a call, and to retrieve forensics evidence to identify the end-user devices of a VoIP call by analyzing the CODECs exchanged by the clients during the SIP (Session Initiation Protocol) handshaking phase. This information may help the investigator either to corroborate or to contradict an investigative hypothesis.

中文翻译：

---

Microsoft Skype for Business的取证分析

我们提供了三个案例研究，以说明对Microsoft Skype for Business进行取证调查的方法。所提出的方法有助于检索访问PC的任何帐户进行的聊天和音频通信的信息，检索呼叫的所有参与者的IP地址和通信路线，以及检索取证证据以识别终端的最终用户设备。通过分析客户端在SIP（会话发起协议）握手阶段交换的编解码器来进行VoIP呼叫。此信息可能有助于调查人员证实或与调查假设相抵触。