Discord Investigations

Written by Amber Schroader

August 20, 2020

Even if you do not game online you might be familiar with the Discord platform. This communications hub is used by over a quarter of a billion people worldwide to communicates to their friends via voice, video, or text. You can also join larger communities/servers to talk with other people with similar interests. Although Discord was designed for gaming many communities of people have adopted Discord as a means to share information. This mass adoption has opened up Discord as a good source for digital evidence.

Discord is available both on a desktop environment with any variety of operating system choices as well as on both iOS and Android mobile platforms. Each server has a variety of channels that can be joined based on specific topic areas or one can be made for the group that you create. Each individual can join up to 100 servers and you can adjust which of those servers you want notifications on with mentions of you, etc. Each of those servers can have 500,000 users so as you might guess this is a great hub for communications. Servers can be public or private depending on how they were set up. Typically, a public server focuses on a fan of a particular topic that is more common such as Minecraft. Private servers can be focused to know people in a group such as DFIR which has a Discord server.

Discord is free and you can do most of the functions without any issues, but there are options to pay that can add new capabilities to your profile. The big draw on a pay account is the improvement to video streaming which is more applicable to the gaming groups. Servers can also get boosts that get bonuses to all the members of the server.

So, why does all this matter in digital forensics? With Discord a primary hub of communication for Gen Z it is important to include such information in your investigation. However, investigating Discord can be tricky with the methods it authenticates.

Step 1. Get Consent

With all things cloud-based you need the consent of the user to be able to use their credentials to log in to their account.

Step 2. Stay on Network

The way the Discord tokens work is they are authenticated to an IP address. To ensure you do not need to also log in to the email of the person’s credentials you are using you need to make sure you do your collection while on the same IP address as the consenting individual.

Step 3. Input Credentials

Using the Cloud Import Wizard, you can import the credentials of the consenting individual to begin your collection.

There are a variety of filters you can use when you are bringing in the data from Discord. From date range to the areas you want to collect from. 

Details you can collect include:

  • Server Name
  • Channel Name
  • Direct Messages
  • Usernames
  • Avatars
  • Attachments
  • Messages
  • Date last modified
  • Calls
  • Friends Status
    • Accepted friend
    • Blacklisted user
    • Pending user
    • Waiting for user to accept the invitation

Once the data is collected it can be reviewed with indexing, OCR, and searches. Note there is a limit of 10,000 records per grid that can be collected. As a new piece of evidence in your investigation will be shocked on what valuable insights you can get on your suspect based on their Discord data.

Review the entire capture process with the following video tutorial from the Paraben YouTube channel at ParabenForensics

Forensic-Impact Articles

What Parents Need to Know About Roblox

What Parents Need to Know About Roblox

Shared from a post written by Nicole Gray of Infinity Investigative SolutionsIt’s the number one online entertainment platform for youth under the age of 13, and number two for teens 13-17 so chances are your child and their friends are already on it.  Roblox is an...

The GDPR & The CCPA a Quick Look with a Forensic Twist

The GDPR & The CCPA a Quick Look with a Forensic Twist

With the recent passages of these two key pieces of legislation, many people use the terms of the CCPA and the GDPR together, as if they literally mean the same thing. However, while the two have been crafted and designed to protect Personal Identifiable Information...

Data Security Issues With The Remote Workforce

Data Security Issues With The Remote Workforce

The concept of the Remote Workforce has now become a reality for the long term, going well into 2021, and possibly even beyond. While most Cyber experts were predicting that a near 99% Virtual Workforce was possible in 4-5 years, it came to fruition in just a matter...