Digital Forensics: Artifact Profile – Google Chrome

APPLICATION NAME: Google Chrome CATEGORY: Web Related RELATED ARTIFACTS: Chrome Web History, Chrome Web Visits, Chrome Sync Data, Chrome Sync Accounts, Chrome Session/Tabs Carved, Chrome Last Tabs, Chrome Current Tabs, Chrome Last Session, Chrome Current Session, Chrome...

Digital Forensics: Artifact Profile – Recycle Bin

APPLICATION NAME: Recycle Bin CATEGORY: Operating System RELATED ARTIFACTS: None OPERATING SYSTEMS: Windows  SOURCE LOCATION: Windows XP – %ROOT%\Recycler\%SID%\ Windows Vista+ – %ROOT%\$Recycle.Bin\%SID%\   Importance to Investigators The Windows Recycle Bin contains files that have been deleted...

Digital Forensics: Artifact Profile – USB Devices

APPLICATION NAME: USB Devices CATEGORY: Operating System RELATED ARTIFACTS: None OPERATING SYSTEMS: Windows  SOURCE LOCATION: SYSTEM/CurrentControlSet/Enum/USBSTOR SYSTEM/MountedDevices NTUSER.DAT/Software/Microsoft/Windows/CurrentVersion/Explorer/MountPoints2 SYSTEM/CurrentControlSet/Enum/USB Windows Vista+ – ROOT/Windows/inf/setupapi.dev.log Windows XP – ROOT/Windows/setupapi.log   Importance to Investigators USB device history can be a...

Digital Forensics: Artifact Profile – UserAssist

APPLICATION NAME: UserAssist CATEGORY: Operating System RELATED ARTIFACTS: None OPERATING SYSTEMS: Windows SOURCE LOCATION: NTUSER.DAT – SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\ Importance to Investigators Windows contains a number of registry entries under UserAssist that allow investigators to see what programs...

Digital Forensics: Artifact Profile – WhatsApp Messenger

APPLICATION NAME: WhatsApp Messenger CATEGORY: Chat RELATED ARTIFACTS: WhatsApp Contacts, WhatsApp Messages OPERATING SYSTEMS: iOS, Android SOURCE LOCATION: iOS – /root/var/mobile/Applications/net.whatsapp.WhatsApp/Documents/ChatStorage.sqlite Android – /data/data/com.whatsapp/databases/msgstore.db Android – /data/data/com.whatsapp/databases/wa.db Android – /sdcard/WhatsApp/Databases/msgstore.db.crypt* Importance to Investigators Android For Android devices, there are two...

Digital Forensics: Artifact Profile – Whisper

APPLICATION NAME: Whisper CATEGORY: Social Networking RELATED ARTIFACTS: Whisper Posts, Whisper Messages OPERATING SYSTEMS: iOS, Android SOURCE LOCATION: Android – %root%\data\APPsh.whisper\databases\w.db Android – %root%\data\APPsh.whisper\databases\c.db iOS – %root%\var\mobile\Applications\%GUID%\Documents\Messaging.sqlite iOS – %root%\var\mobile\Applications\%GUID%\Documents\Whisper.sqlite   Importance to Investigators Whisper is a popular social networking app that allows users to...

Digital Forensics: Artifact Profile – Yik Yak

APPLICATION NAME: Yik Yak CATEGORY: Chat RELATED ARTIFACTS: Yik Yak Notifications, Yik Yak Yaks OPERATING SYSTEMS: iOS SOURCE LOCATION: iOS – %root%\Library\Caches\engineering.locus.chatter\Cache.db iOS – %root%\Library\Caches\engineering.locus.chatter\fsCachedData\%GUID%   Importance to Investigators Yik Yak is a popular social media application most...

July Artifact Update: Windows OS and More

We just released our July Artifact Update to Magnet IEF customers, which includes a number of new artifacts and improvements for previously supported apps. As part of this release, we wanted to improve support for...

April Artifact Update: Native Android Apps

Our latest artifact update for IEF includes support for native Android applications. As the mobile market continues to narrow in on two primary operating systems – Android and iOS – it’s becoming increasingly important for investigators...

Forensic Analysis of Windows Shellbags

This is the fifth and final blog post in a series about recovering Business Applications & OS Artifacts for your digital forensics investigations. What are Shellbags? While shellbags have been available since Windows XP, they...
