Pidgin forensics

A brief forensic consideration of Pidgin.

Pidgin stores its per-user configuration files on Linux in ~/.purple/, and on Windows (Vista and newer) in C:\Users\WINDOWS-USER\AppData\Roaming\.purple\. Throughout the rest of this document I shall assume the Linux location; change as necessary for your installation.

If you have Pidgin remember account passwords, they are stored in plain text in ~/.purple/accounts.xml in the password section. If this is unacceptable, place the file in an encrypted volume or do not have Pidgin store passwords. This same file also contains other per-account configuration.

Buddy lists for all accounts are stored in plain text in ~/.purple/blist.xml.

If you have Pidgin log conversations, they are stored unencrypted in ~/.purple/logs/. There is no way to log conversations with some users and not with others; it is an all-or-nothing setting. Logging is normally enabled in the GUI, but the configuration file ~/.purple/prefs.xml can also be edited directly; the relevant section is pref name='logging'.

Your buddies’ icons are stored in ~/.purple/icons/, and when a buddy changes his icon, the previous one remains here. When you remove a buddy, I do not know if his icon remains in this directory, but if so, that would reveal former buddies.
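
The checks above can be run in one pass over a .purple directory. The following is an added example, not part of the original post or of Pidgin: it reports which accounts have a saved password (without printing it), the values under pref name='logging', whether blist.xml exists, and how many log and icon files are on disk. The sample XML is constructed, and the element layout beyond the password element and pref name='logging' is an assumption.

```python
import os
import xml.etree.ElementTree as ET

# Constructed samples; element layout beyond <password> and pref name='logging' is assumed.
SAMPLE_ACCOUNTS = """<account version='1.0'>
 <account><protocol>prpl-jabber</protocol><name>alice@example.org/Home</name>
  <password>constructed-secret</password></account>
 <account><protocol>prpl-irc</protocol><name>alice@irc.example.net</name></account>
</account>"""
SAMPLE_PREFS = """<pref version='1' name='/'><pref name='purple'><pref name='logging'>
 <pref name='log_ims' type='bool' value='1'/><pref name='log_chats' type='bool' value='0'/>
</pref></pref></pref>"""

def accounts_with_saved_password(accounts_xml):
    """Return (protocol, name) for every account with a non-empty <password>."""
    hits = []
    for acct in ET.fromstring(accounts_xml).iter("account"):
        if (acct.findtext("password") or "").strip():
            # Identify the exposed account; never echo the secret itself.
            hits.append((acct.findtext("protocol", ""), acct.findtext("name", "")))
    return hits

def logging_prefs(prefs_xml):
    """Return {name: value} for prefs nested directly under pref name='logging'."""
    for pref in ET.fromstring(prefs_xml).iter("pref"):
        if pref.get("name") == "logging":
            return {c.get("name"): c.get("value") for c in pref.findall("pref")}
    return {}

def audit(purple_dir):
    """Summarise what a .purple directory leaves readable on disk."""
    def read(name):
        path = os.path.join(purple_dir, name)
        if not os.path.isfile(path):
            return None
        with open(path, "rb") as fh:  # bytes: let the XML parser honour the declared encoding
            return fh.read()
    def count(sub):
        return sum(len(files) for _, _, files in os.walk(os.path.join(purple_dir, sub)))
    accounts, prefs = read("accounts.xml"), read("prefs.xml")
    return {
        "saved_passwords": accounts_with_saved_password(accounts) if accounts else [],
        "logging": logging_prefs(prefs) if prefs else {},
        "buddy_list_present": os.path.isfile(os.path.join(purple_dir, "blist.xml")),
        "log_files": count("logs"),
        "icon_files": count("icons"),
    }

if __name__ == "__main__":
    print(audit(os.path.expanduser("~/.purple")))
```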


About Warren Post

So far: Customer support guy, jungle guide, IT consultant, beach bum, entrepreneur, teacher, diplomat, over-enthusiastic cyclist. Tomorrow: who knows?