Skype is a popular peer-to-peer (P2P) voice over IP (VoIP) application evolving quickly since its launch in 2003. However, the ability to traverse network address transla- tion (NAT) and bypass firewalls, as well as the induced bandwidth burden due to the super node (SN) mechanism, make Skype considerably a threat to enterprise networks se- curity and availability. Because Skype uses both encryp- tion and overlays, detection and blocking of Skype is non- trivial. Motivated by the work of Biondi and Desclaux [3], we adopt the view of Skype as a backdoor and we take a forensic approach to analyze it. We share our experience in this paper. With the forensic evidence, we identify a transport layer communication framework for Skype. We further formulate a set of socket-based detection and con- trol policies for Skype traffics. Our detection method is a hybrid between payload and non-payload inspections, with improved accuracy and version sustainability over the tra- ditional payload-only approaches. Our solution is practi- cable both inside and outside the NAT firewalls. This break- through makes the detection, blocking, and prioritization of Skype traffics possible in both the enterprise internal net- works and the Internet Services Providers carrier networks. Keywords: Enterprise Network Security, Network Foren- sics, Traffic Analysis, Skype, Blocking, Traffic Prioritiza- tion, NAT Traversal, Reverse Engineering