Skype is a popular peer-to-peer (P2P) voice over IP (VoIP) application evolving quickly since its launch in 2003. However, the ability to traverse network address translation (NAT) and bypass firewalls, as well as the induced bandwidth burden due to the super node (SN) mechanism, make Skype considerably a threat to enterprise networks security and availability. Because Skype uses both encryption and overlays, detection and blocking of Skype is nontrivial. Motivated by the work of Biondi and Desclaux [3], we adopt the view of Skype as a backdoor and we take a forensic approach to analyze it. We share our experience in this paper. With the forensic evidence, we identify a transport layer communication framework for Skype. We further formulate a set of socket-based detection and control policies for Skype traffics. Our detection method is a hybrid between payload and non-payload inspections, with improved accuracy and version sustainability over the traditional payload-only approaches....