Wednesday, September 8, 2010

Google Voice - Call phones - lovin' the log!

I decided to give Google Voice a try - was kind of difficult to ignore the "reminder" that popped up each time I logged into a GMail account.  Here's what I learned:
- CallerID shows the originating number coming from (760) 705-8888.
- Voice quality was good.  During my tests, I spoke with a colleague and we estimated the lag as 1 second. 
- very easy to use.

Now in Googling the phone number from the call display, I noted that the prank/harassing phone calls are starting already.  So, I decided to see what I could find in terms of call history on the originating (source) computer.  Like so many programs, Google Voice leaves a log - and a nicely detailed log at that!

Location/Path:  (Copied from EnCase-USER Acct edited for privacy)    
GMail Phone\C\Users\USER\AppData\Local\Google\Google Talk Plugin\gtalkplugin-c1598929683.log.bz2


Call History from within Google Account (required to be logged in).

Inside the bz2 archive is a single log file containing a wealth of information including:
- IP address of the computer used (including port). Also includes NAT'ed IP address.
- full information on the computer used, including CPU details, OS, GPU details, etc.
- date/time stamps (GMT)
- associated GMail address.
- list of all network adapters on computer and their associated IP addresses.
- reference to address "+1XXX XXX-XXXX@voice.google.com" (XXXX - numbers from the 10 digit phone# removed for privacy)
- log is fully timestamped and appears to contain a lot more information.
- each call generated an individual log file within its own bz2 archive.
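
The artefacts listed above can be pulled out of one per-call archive as follows. This is an added example, not the author's or Google's code: the page does not document the log's line layout, so the sample lines are constructed and the patterns match by shape (IPv4 with optional port, e-mail address, `+number@voice.google.com`).

```python
import bz2
import ipaddress
import re
from collections import Counter

# Log line layout is not documented on the page, so artefacts are matched by shape.
IP_PORT = re.compile(r"(?<![\d.])((?:\d{1,3}\.){3}\d{1,3})(?::(\d{1,5}))?(?![\d.])")
CALLEE = re.compile(r"(\+\d[\d ()-]{6,}\d)@voice\.google\.com", re.I)
EMAIL = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")
RFC1918 = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def classify(ip_text):
    """Return 'internal' (RFC 1918), 'external', or None if not valid IPv4."""
    try:
        ip = ipaddress.IPv4Address(ip_text)
    except ValueError:
        return None  # e.g. 999.1.1.1 or another dotted string that is not an address
    return "internal" if any(ip in net for net in RFC1918) else "external"

def triage(raw_bz2):
    """Decompress one per-call archive and count the artefacts it contains."""
    text = bz2.decompress(raw_bz2).decode("utf-8", errors="replace")
    out = {"internal": Counter(), "external": Counter(),
           "accounts": Counter(), "callees": Counter()}
    for line in text.splitlines():
        for ip, port in IP_PORT.findall(line):
            kind = classify(ip)
            if kind:  # separates adapter addresses from the NAT'ed one
                out[kind][f"{ip}:{port}" if port else ip] += 1
        for m in CALLEE.finditer(line):  # normalise "+1XXX XXX-XXXX" to digits
            out["callees"][re.sub(r"[^\d+]", "", m.group(1))] += 1
        for addr in EMAIL.findall(line):
            if not addr.lower().endswith("@voice.google.com"):
                out["accounts"][addr.lower()] += 1
    return out

# Constructed sample lines (not from a real log); the layout is an assumption.
SAMPLE = bz2.compress(b"""\
[000:001] local candidate 192.168.1.23:51234
[000:002] stun mapped address 203.0.113.10:51234
[000:003] signed in as examiner@example.com
[000:004] call to +1760 555-0100@voice.google.com
[000:005] plugin version 1.4.2 on adapter 10.0.0.5
""")

if __name__ == "__main__":
    for kind, hits in triage(SAMPLE).items():
        print(kind, dict(hits))
```

For a real archive, pass `open(path, "rb").read()` to `triage()`; four-part version strings can match the IPv4 pattern, so review the address hits against the surrounding log lines.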


I found the log file quite detailed.  Activating the phone feature, making a 1-1/2 minute call and disconnecting generated approx 247 entries in the log file.  As much of the information was new, I imported the log file into Splunk on my MacBook Pro.  Seamlessly, the log file was parsed (with the exception of a few stray lines of left-over log entries - which appear to have been created by the use of the right-square bracket.  This is the 3rd time I've used Splunk this last week - absolutely invaluable).

Definitely more to look through......

4 comments:

  1. Brilliant! Thanks for sharing, that's going to be seriously useful information to many of us, in no time at all! Thanks again!

    Jason F. Conley, CPP, CCE
    Digital Forensics Canada

  2. I found 3 files on the computer (gtalkplugin-cxxxxx.rar) and after opening it, it says there were 3 calls made from the computer. It says the time, IP (static?) and the cell phone number that was called twice and an email address (??) once. The email account, that the calls were made from is unknown to me. Is it possible, that someone made a call from outside the computer? Is there a chance that that call was not actually made? If yes, then what happened? Did the computer get hacked? I am using some credit card etc information from the computer and this kinda worries me...

  3. I want to use pin less calling with registered numbers but I also want to control my bill by viewing and tracking call history online from all registered numbers.

  4. I am very much pleased with the contents you have mentioned...voip phone rochester ny
