Finding Discord chats in Linux - #DFIR review

This is the last entry on the Discord chat files analysis series.

 I have reviewed Discord in the following platforms:

• Finding Discord app chats in Windows 
• Discord Android app review DFIR
• Discord Android app - Missing values not missing
• Finding Discord chats is OS X
• Discord JSON chats to HTML/XLS
• Finding Discord chats in iOS

For Debian based Linux distributions the chat are located in the following directory:

• /home/testing/.config/discord/Cache/

Root structure

The cache folder follows the same structure as the ones in Windows and OS X.

Just like Windows and OS X.

The following links will explain how to extract the json chat objects and how to convert them to html or xls files using a Python script. Although written originally for objects found in Windows the extraction and conversions steps apply all the same.

Extraction of json objects:

 https://abrignoni.blogspot.com/2018/03/finding-discord-app-chats-in-windows.html

Discord json chats conversion to html or xls.

https://github.com/abrignoni/Discord-JSON-chat-conversions

As background on how I located the correct folder I took the following steps:

1. Linux Mint installation using Vmware
2. Installed the Discord program.
3. Searched for Discord related files and folder with the following command:

sudo find / -name discord

/home/testing/.config/discord

4. The correct folder was found in:

• /home/testing/.config/discord/Cache/

5. Followed the extraction and JSON conversion steps detailed in the previous links.
6. Chat JSON fields, format and content the same as in Windows and OS X.

JSON content in HTML format.

As always I can be reached on twitter @alexisbrignoni and email 4n6[at]abrignoni[dot]com.