Fitbit is a company that manufactures wireless-enabled wearable devices. These devices can monitor metrics such as heart rate, sleep quality, and stairs climbed. The Android ....
Instagram has always been a successful and popular application. Within only two months of its launch, it reached 2 million users worldwide. The popularity of the Instagram ....
Firebase Cloud Messaging (FCM), previously known as Google Cloud Messaging (GCM), is a cross-platform cloud service for sending messages and notifications. FCM is commonly ....
Cellebrite's CTF follows up on Russell, Sharon, and Felix after Abe's arrest in last year's CTF. Things start to take a turn when the new character Otto goes missing on a cruise trip. ....
Android Google Keyboard application retains important information in its artifacts, which can be invaluable in digital forensic investigations. Extracted data can assist forensic ....
Life360 is a widely used family safety app, having over 25 million members, that allows users to share location data within trusted groups called "Circles." It allows users to share ....
Google Keep is one of the free services provided by the Google Docs Editors suite. It offers note-taking features such as adding text, images, and audio, and allows users to create ....
Samsung has started rolling out the latest version of its Android-based web browser, featured on the newest Galaxy smartphones. Since 2012, this browser has replaced the Android ....
Android Scoped Storage is a feature introduced in Android 10 and enforced for app developers starting with Android 11. By using this feature, each app is given its own isolated storage ....
The Nike Run Club app is a sports application that offers various features for tracking athletic activities. Nike Run Club, with over 10 million downloads on the Google Play Store, ....
Android GMX mail application holds considerable forensics value. It captures a variety of artifacts, such as emails, account details, attachments, and contact information, which ....
ICQ, like most instant messaging applications, holds significant value in digital forensics. With its widespread use in the old days and being one of the most adopted options ....
Android Tinder holds significant value in digital forensics, providing a wealth of artifacts that reveal user interactions. These artifacts include user profiles, swipe actions, matches, ....
In mobile forensics, GPS and location artifacts are vital for investigations. Fitness applications, which record precise GPS-based locations and timestamps, can provide valuable data to ....
Here WeGo is a web-based mapping and satellite navigation software operated by HERE Technologies, accessible on both web and mobile platforms. It utilizes HERE's location data ....
Yahoo Mail allows users to connect globally and access their accounts on various devices, including desktops, laptops, and mobile phones. It supports external mail providers like Outlook ....
People around the world rely primarily on the Internet as a source of information. At the same time, web browsers are one of the most basic and essential applications for access ....
iOS Skype emerged as a digital goldmine for forensic experts, containing many artifacts that show user interactions. These artifacts encompass activity logs, files, and account ....
AVG artifacts can provide valuable information regarding viruses or other malicious software that might exist on a device. For instance, AVG logs can reveal the date and time ....
iOS Viber artifacts provide information about phone/video calls, messages, and the application configuration data. Viber artifacts also contain information related ....
Android Google Drive is the application used to manage Google Drive accounts on Android devices. Google Drive is part of Google Workspace and it is a cloud storage ....
IMO, like most instant messaging applications, holds significant value in digital forensics. With its widespread use and diverse features, analyzing the artifacts left behind ....
The artifacts left behind by the Android Device Health Services application represent a rich source of information for forensic examiners. For example, examiners can determine ....
One of the major sources of evidence in digital forensics is web application activity. Internet browsers in general, and the Safari browser in particular, can be a very rich source. Safari on iOS ....
Information extracted from iOS Voice Memos artifacts can play a crucial role in digital forensics. The audio content provides direct insights into conversations and verbal agreements ....
In mobile forensics, GPS and location artifacts are a crucial part of the investigation. Therefore, the Waze application holds significant forensic value. Artifacts related to ....
Photos are always a rich source of information in digital forensics, providing examiners with strong photographic evidence to prove events and construct timelines. Google Photos' ....
Threema is an open-source end-to-end encrypted instant messaging application and does not require a phone number or any other personally identifiable information. It anonymizes ....
Retrieving Samsung Clipboard history and screenshots holds significant Digital Forensics Value as it provides forensic analysts with valuable insights into user activities and ....
Investigating Wi-Fi connections is a crucial part of mobile phone forensics. The Wi-Fi-related data can help to identify the geographical location where the device was ....
The Digital Forensics Value of Android Zoom Application lies in its potential to provide valuable insights into a user's communication activities conducted through the platform ....
Apple Notes artifacts can have a significant value in investigations when Apple devices are involved. The artifact can be very useful since it contains notes that had been ....
Android Digital Wellbeing is an application designed to help users better understand and manage their digital habits, promoting a healthier relationship with technology. It has features ....
The iOS Calendar app is a very useful tool for managing schedules, appointments, and events on Apple devices. It seamlessly integrates with other Apple services like iCloud ....
Apple data usage keeps a record of inbound and outbound data traffic used by applications and processes. This feature in Apple devices keeps a record of applications and processes ....
The event was held from February 27th to March 7th as part of their Virtual Summit. The CTF questions were divided into three groups, iOS, Android & Ciphers. I will be solving this ....
Apple crash log reports are diagnostic files generated by iOS and macOS devices when an application unexpectedly terminates. These logs provide detailed information about the ....
Due to their integration across Apple devices and services, Apple Accounts play a significant role in digital forensics investigation when Apple products are involved. These artifacts ....
The significance of iOS SMS in digital forensics stems from its ability to deliver essential evidence and perspectives on communication undertakings carried out on Apple devices ....
In mobile forensics, GPS and location artifacts are a crucial part of the investigation. Therefore, the Android Google Maps application holds significant forensic value ....
Digital forensics derives significant value from Android SMS data due to its potential to provide crucial evidence in investigations. SMS messages can serve as timestamps ....
The information extracted from Snapchat's left-behind artifacts can shed light on user communications and content sharing. This analyzing process can reveal user account ....
Voice triggers refer to specific phrases or keywords that activate voice-controlled virtual assistants on the devices. These triggers are designed to prompt the system to ....
Digital forensics for iOS calls involve the meticulous analysis of call-related data on Apple devices, providing valuable insights for investigators. The call log serves as a ....
Venmo is a smartphone application owned by PayPal, designed for digital money transactions. It features a unique social feed that enables users to view their friends' transactions ....
Instagram artifacts on Android devices contain valuable information such as call logs, messages, and app configuration data. The app stores chat history on the device itself ....
Cellebrite held their yearly CTF last month and this year the challenge featured 4 devices, belonging to 4 different suspects. In this blog, we will use ArtiFast to answer the questions ....
Analyzing the artifacts left behind by the Android Snapchat application can reveal valuable information for investigators. For example, examining the contacts with whom a user has ....
Android Viber artifacts provide information about phone/video calls, messages, and the application configuration data. Viber stores chats on devices members. New chat messages are ....
The Android Gmail app holds significant digital forensics value due to its central role in managing users' emails on Android devices. Forensic investigators can analyze the artifacts ....
IMO, like most instant messaging applications, holds significant value in digital forensics. With its widespread use and diverse features, analyzing the artifacts left behind by IMO ....
The Android Play Store, officially known as Google Play, is a digital distribution service created and managed by Google. It serves as the official app store for devices running on the ....
Android installed applications records refer to the data and information stored on an Android device about the software applications installed on it. Android application is one of the ....
The Downloads folder on an Android device can serve as a rich source of digital evidence, so examining its contents can help forensic experts reconstruct events, establish timelines ....
Android Facebook Messenger is a treasure trove for forensic analysts, brimming with valuable artifacts like accounts, activities, shared files, calls, messages, and media. This wealth of ...
Collecting information related to the SIM card, such as ICCID and IMSI, can help in identifying the owner of the mobile device and associating it with a particular user. This artifact also ...
Android Accounts artifact stores records of all the user accounts that have been used on a device, including email accounts, social media accounts, and other online services. This data ...
Contacts can provide insight into the communication patterns of the device owner. They provide evidence of the relationships between the device owner and other individuals, ...
Telegram holds significant forensics value due to its messaging platform's features and security measures. The app's end-to-end encryption, self-destructing messages, and ....
Call logs on Android mobile phones are records that document the history of incoming, outgoing, and missed calls made from or received by a specific Android device. This information ....
Android Skype emerges as a digital goldmine for forensic experts, containing a wealth of artifacts that unveil user interactions. These artifacts encompass activity logs, files, and account ....
Android Aqua Mail is one of the email applications designed to help users manage and organize their email accounts effectively on Android devices. It provides a user-friendly ....
When conducting a digital forensic examination of an Android device, analyzing Bluetooth-related data can yield valuable information that can be relevant to the investigation. Bluetooth ....
Twitter is a captivating social networking platform that revolves around short messages known as tweets. Operating as a microblogging service, Twitter empowers its users ....
Chatous is a social networking application that allows its users to chat anonymously with strangers from around the world. It provided a platform for individuals to choose ....
The Android Telegram app, developed by Telegram Messenger LLP, is a free messaging application known for its user-friendly interface and strong focus on security ....
Yandex Mail is an email service provider which provides its mailing services for free and it has been developed by a Russian company. This email service comes with a ....
A web browser is an application developed to browse the internet and access websites. Although all browsers are trying to provide their users with the best browsing experience ....
In order to save the user’s configuration and customizations for every folder that Mac’s “Finder” accesses, the macOS operating system creates Desktop Service Store (.DS_Store) file ....
In contrast to the traditional downloading methods, BitTorrent protocol-based applications allow users to download large files from the internet easily. The main idea behind this ....
Digital forensics analysis can be a complex and time-consuming process. Investigators need to efficiently analyze large amounts of data from a variety of sources. ArtiFast is a ....
Remote Desktop Connection is a Windows built-in application. It is used to control remote systems by capturing their I/O devices’ signals and transmitting them to the controller device using....
In this blog post, we will be solving the Magnet Virtual Summit Windows 11 CTF created by Magnet Forensics. Below is the solution to the CTF, solved using ArtiFast Suite....
In this blog post, we will be solving the Magnet Virtual Summit Windows Server CTF created by Magnet Forensics. Below is the solution to the CTF, solved using ArtiFast Suite....
WinRAR is a file archiver tool which is used to create and view archives in RAR and ZIP file formats. These two formats are widely used to create a lossless data compression version ...
Adobe Acrobat Reader is a software developed by Adobe Inc. to manage Portable Document Format (PDF) files. It was initially developed to preview PDF files but it is now supporting many ...
pCloud is a cloud storage service developed by a Swiss company founded in 2013. It is a standard cloud storage service for keeping files private, stable, and accessible across all platforms ...
Digital forensics investigations on Android phones often involve analyzing various types of data stored on the device. One crucial piece of information that can be obtained from an Android ...
Windows Installed Services EVTX is a log file generated by Windows operating system starting from Windows Vista. It records events related to the installation and removal of services ...
AnyDesk is a remote desktop app that lets you control another computer from anywhere. It creates a secure connection between two computers via the internet, allowing you to access the remote computer's ...
Avira is a security software company that provides customers with secure and private digital solutions. Avira antivirus is one of the company's essential and well known solutions which is available ...
BitTorrent is a peer-to-peer file sharing software that allows users to share large files such as movies, music and so on over the internet. It works by breaking down large files into smaller pieces ...
Viber is a popular messaging app that allows users to make calls, send texts, photos, videos, and share other types of files. It is available for download on Windows, iOS, Mac, and Android ...
BitComet is a free BitTorrent client application used for downloading and sharing files over the internet. It operates on the peer-to-peer (P2P) file sharing protocol, allowing users ...
imo is an instant messaging platform, like WhatsApp, Viber, Skype, etc. It is initially known by its video calls feature as it was one of the first instant messaging platforms that provide this ...
1Password is a password management solution that provides users with a secure and convenient way to store and organize their confidential information, such as login credentials ...
Unigram is a free and open-source messaging app for Windows devices that provides a fast, reliable, and secure messaging experience for Telegram users. With end-to-end encryption ...
AVG Antivirus is a security program designed to defend computers from viruses, spyware, and other forms of malicious software. The software operates by continuously monitoring the ...
Windows Mail is an email client developed by Microsoft and included in Windows Vista and later versions of Windows. It is available as the successor to Outlook Express, which was either included with...
F-Secure Antivirus is a cutting-edge security solution for Windows devices that offers real-time protection against malware, phishing attacks, and other forms of online threats. Equipped with advanced security ...
OpenVPN is one of the virtual private network applications, like ExpressVPN, ProtonVPN, and NordVPN. A VPN application provides a secure connection for individual users and businesses. OpenVPN solutions target ...
Box Drive is a cloud-based file management app that provides users with direct access to their Box account files from their desktop computers. With Box Drive, users can preview, edit, and collaborate on their cloud-based ...
Avast is a well-known cybersecurity software company that provides antivirus and internet security solutions for both individuals and businesses. Its products provide protection against viruses, malware, spyware, and other ...
GroupMe is a cross-platform instant messaging application available on both Android and iOS. The app has various features enabling users to create and manage groups, share information and updates, schedule events ...
Bitdefender is a popular antivirus software that offers comprehensive protection against various forms of malware, such as viruses, spyware, and ransomware. It uses a blend of signature-based detection ...
uTorrent for Android is a mobile version of the popular uTorrent desktop application that allows users to download and share files on their Android devices. It is a P2P file-sharing program that utilizes ...
Malwarebytes is a cross-platform anti-malware software taking a spot in the top 10 antimalware software around the world with its ability to detect various types of advanced malware using advanced algorithms and cloud-based system which ...
Windows Notepad++ desktop application is a free open-source text and source code editor. The application has been developed as an extension of the Windows default Notepad application with much more user-friendly features. Notepad++ is also commonly ...
TikTok is a social media platform and mobile application that enables users to create and share short videos set to music. The app was initially launched in 2016 under the name Musical.ly and was subsequently merged with the Chinese social media app ...
Kaspersky is a Russian-based anti-virus protection software that uses a combination of signature-based malware detection, advanced machine learning along with a cloud-based security database. It offers its users maximum protection from various types ...
Google Drive is a cloud-based file storage service similar to Microsoft OneDrive and Apple iCloud. It enables users to store, access and share files online. The service also enables users to synchronize files across their devices including PC ...
Sygic is a GPS navigation app that provides voice-guided navigation in over 220 countries with offline maps. The app also has a feature that allows users to download offline maps that can be used without internet connection, as well as live traffic information and safety as live traffic ...
Microsoft Defender Antivirus (formerly known as Windows Defender) is a built-in antivirus software from Microsoft Windows. It was first released for Windows XP with limited capabilities, but it has since evolved into a full antivirus software offering services such as ...
Facebook Messenger is a cross-platform instant messaging application from Meta. Facebook Messenger is the main instant messaging application for Facebook, Instagram, Portal, and Oculus (yet to be released)...
Windows iTunes desktop application is an application that helps you manage all of your media in one place. It is used for creating and customizing your own digital media library by allowing you to download, play, organize, and manage audio and video files. It is also extremely useful when ...
Recent items are a list of files a user has used or opened recently. These items are displayed as “Recent” in jump lists on the Start menu, File Explorer, and Taskbar. The user can quickly and easily access recently accessed files and opened folders via recent items. This feature ...
File associations are registry settings in Windows that determine what application to use to open a file of a specified type. Users or applications can set associations for file types so that when the file is opened, a command gets triggered by Windows. For example, when a user ...
VirtualBox is a virtualization solution for home as well as enterprise usage. It is available on Linux, macOS, and all Windows OS versions. Depending on the hardware configurations, a user can run multiple operating systems on top of the host using VirtualBox. The initial versions ...
FileZilla was initially released in 2001 and it is very common among the IT community. It is a free open-source, cross-platform file transfer protocol (FTP) application. FileZilla has client and server versions. The client version supports connections to FTP and FTPS and SFTP servers ...
Quick Access is part of File Explorer in Windows 10 and 11. It replaced the classic "Favorites" pane, which was present in Windows 7. Quick Access gives immediate access to Desktop, Downloads, Documents, and recently used files and folders from the navigation pane. Users can ...
ExpressVPN is a paid virtual private network service for home and individual use. The app is available for a wide range of devices, including Windows, macOS, Linux, Android, and iOS. According to the ExpressVPN website, it provides better anonymity than other VPN services. However ...
LogMeIn is a remote access software similar to TeamViewer and Anydesk. It allows users to connect to devices via an internet connection remotely. These devices include laptops, workstations, servers, tablets, and smartphones. The software provides the ability to create groups ...
Slack is a cross-platform productivity and communication app utilized by individuals and enterprises. Users can share messages, documents, and images on Slack “Channels,” and each channel is part of Slack “Workspace.” Enterprises can manage and track teams by creating different ...
Proton VPN is a community-supported VPN service that was initially developed to provide anonymity to the Proton Mail users. Proton VPN became one of the most used VPN services around the world. According to Proton VPN website, Proton VPN currently serves users from over 63 ...
Startup programs refer to programs that run automatically when the user logs into the system. This means that these apps will launch following a system reboot without any interaction from the user. Unless configured to do so, applications run will show no notifications or any ...
Windows operating systems offer users many personalization options. Changing the desktop background or wallpaper is among these options. Users can select a picture, slideshow of images, or even a solid color as a desktop background ...
WordPad was first introduced in Windows 95. It provides text editing and visualization features similar to Notepad and Microsoft Word. However, it is less feature-rich than Microsoft Word. The default file format for WordPad is Rich Text Format (.rtf), which is a universal ...
Microsoft Management Console (MMC) creates, saves, and opens administrative tools in Windows operating systems. MMC makes custom administrative consoles for managing servers and clients. These administrative consoles are called snap-ins. Snap-ins allow users to administer ...
The swap file is a Windows feature that takes advantage of space on the hard drive when the RAM fills up to improve the RAM performance. Swap file enhances the efficiency of modern Windows apps as well. It stores data for starting applications faster and is a part of ...
WinZip is a cross-platform trialware that helps users to zip, unzip, share, organize and manage files. WinZip was introduced in 1991 and developed based on MS-Dos PKZIP archive format, which Phil Katz invented. WinZip is one of the most popular file compression tools ...
Yara Rules are used for identifying and classifying malware by creating rules that search for specific binary or textual patterns. YARA rules work like a piece of programming language and identify PE and ELF files based on the conditions ...
The main purpose of ShimCache (also known as AppCompatCache) is to provide compatibility for old applications, meaning it allows users to run older software in newer Windows systems. Executables that are visible in Windows Explorer are added to ShimCache for shimming ...
Windows registry stores system-wide configurations and changes. The last shutdown date and time are stored on the Windows registry. Capturing the last shutdown value from the registry key can provide valuable information during computer forensics investigations ...
Cisco Webex Meetings is an online meeting/conference application that allows users to virtually meet with others. Participants can connect to a Webex meeting using HD video and audio across web, desktop, mobile or video systems. It supports video conferencing features ...
The USN Journal (Update Sequence Number Journal) is the journaling functionality of NTFS. USN Journal maintains change logs made to the files on the NTFS and ReFS volumes. USN journal contains file or folder creation, deletion, and modification details. NTFS appends new records ...
A security identifier (SID) is a unique alphanumeric number that identifies a security principal or a security group. Security principals can be a user account, a computer account, a thread, or a process. SID is generated by the system to identify a particular entity at the time it is created ...
In Windows systems, mapping a network drive enables users to access a particular shared folder, file or even an entire storage drive on a remote system more efficiently. Mapping assigns a drive letter to a shared folder; the user can then access the shared folder from File Explorer ...
Windows Terminal is the modern terminal application in Windows 10 operating system. It is a terminal application for command-line tools and shells like command prompt, PowerShell, and Windows Subsystem for Linux (WSL). Windows Terminal can only be installed on Windows 10 ...
360 Secure Browser is based on the Chromium project. It was first released in September 2008 by Qihoo. The company claims that 360 Secure Browser is the safest browser in the world, and it is the second most popular web browser in China ...
Windows operating systems create a user profile the first time a user logs on to a computer. At the following logons, the system loads the user's profile, and the user's environment is configured according to the information in the profile. User profiles provide unique ...
On Windows operating systems, event logs store a lot of useful information about the system, users, activities and applications. The main purpose of event logs is to provide information to administrators and they are structured in five levels (information, warning, error, critical ...
Read MoreWindows operating system stores network configuration details in the registry. There are registry keys for TCP/IP configuration and network interface/adapter details. Those are important for a digital forensic investigation. By analyzing these regisrty keys, we can collect ...
Read MoreBAM is a Windows service that controls activity of background applications. BAM is a driver which runs at kernel mode. Its default path is " %WinDir%\system32\drivers\bam.sys ". It is a part of Window 10 operating systems. BAM becomes a part of Windows with the ...
Read MoreWindows Management Instrumentation (WMI) is the infrastructure for management of data and administrative operations on Windows operating systems. WMI contains a vast variety of tools for controlling Windows operating systems locally and remotely. WMI is ...
Read MoreWindows NTFS stores these transactions in a transaction log called “$LogFile”. In the event of chrash or power failure, the operating system can roll back the changes or continue where it left. Hence, the log file maintains the reliability and recoverability of the file system ...
Read MoreWindows systems include a number of installed and ready to use applications. Among these applications is the Microsoft Paint utility. The recent files accessed by the user via MS Paint are stored in the Registry within the “Recent File List” subkey beneath the “Paint” key ...
Read MoreWindows notifications were first introduced in Windows 8 and continued with Windows 10. The feature provides real-time notifications of a variety of events, such as email alerts, apps updates, security alerts, reminders and other app specific notifications. Windows notifications ...
Windows systems have a database where the important operating system and application configurations are maintained. This database is called the Windows Registry; it is made up of keys and values analogous to filesystems’ folders and files respectively. UserAssist is a key ...
Operating systems and applications store date and time information in various ways utilizing different timestamp formats. Therefore, one of the first steps in a digital forensic examination is to identify the current time zone settings for the system(s) under investigation ...
The Run utility on Windows Systems enables the user to directly open an application, folder or document. In Windows 10, the Run utility can be accessed by right-clicking on Start > Run or by using the keyboard shortcut Windows Key + R. As seen in the figure below, the Run utility ...
AmCache.hve is a Windows system file that is created to store information related to program executions. The artifacts in this file can serve as a huge aid in an investigation: it records the processes recently run on the system and lists the paths of the files executed ...
Foxit Reader is a PDF document reader and viewer software similar to Adobe Acrobat Reader, which provides PDF document management solutions. It enables the user to view, edit, comment, sign, print, share, and export PDF files for free with annotations and online ...
Adobe Acrobat Reader is part of the Adobe family. It is a cross-platform application which enables the user to view, comment, sign, print, share, collect and track feedback of PDF files for free. The software offers a variety of other features such as creating, editing, and exporting ...
Windows operating systems record and store a mine of information specific to actions taken by a user account. Among the information tracked are the recent files and folders accessed by the user. Information about the files that were recently opened/saved and the folders that ...
Operating systems have the ability to use a portion of the hard drive as a virtual memory when the RAM becomes full. Microsoft Windows uses a paging file, called pagefile.sys to store chunks of data that do not currently fit into the physical memory. Although reading and writing ...
A logon banner is a legal piece of writing that a Windows system user sees at the point of entry into a device. It is set manually and contains information about the permitted and appropriate usage of a computer system and its access capabilities that a user must acknowledge ...
The Windows System Resource Usage Monitor (SRUM) was first introduced in Windows 8. SRUM tracks 30 to 60 days of system resource usage, particularly application's resource usage, energy usage, Windows push notifications and network connectivity, and data usage ...
ThumbCache is a feature in Windows operating systems, available starting from Windows Vista, that is used to cache thumbnail images of files for the Windows Explorer view. When you open Windows Explorer in thumbnail view, the files within the folder are displayed as small ...
Windows Recycle Bin was first introduced with Windows 95 and continued until Windows 10. Recycle bin is a temporary storage for the items that have been deleted by the user. The user then has the option to remove the items permanently or recover them in case they were ...
PowerShell is an object-oriented framework, which consists of a command line shell and scripting language. The shell comes installed by default on every Windows computer and can be installed on Mac and Linux computers. It enables its users to automate administrative ...
Windows 10 Timeline was introduced by Microsoft as part of Windows 10 April 2018 Update (Windows 10 version 1803). This feature enables the users to view their currently running apps and look back at their previous activities such as opened documents, programs, images ...
Windows stores user accounts and security descriptors for users on the local computer in a file called SAM (Security Account Manager). SAM is a part of a system defined database where configuration data is stored and retrieved. Using cryptographic measures, this file can be ...
Cortana is a voice-activated digital personal assistant introduced by Microsoft as part of Windows 10 desktop operating systems. Cortana can be used to perform various tasks such as searching the local files or the web, answering simple queries, sending emails and texts ...
Microsoft Office is a set of office/productivity related applications widely used around the world. Microsoft Office includes a variety of applications such as Microsoft Word, Excel, Access and Microsoft PowerPoint. Each application is designed to offer a specific task or service to its ...
USB devices are one of the most widely used storage devices due to their speed, large storage capacity, small size, mobility and more. The advantages of USB devices are indisputable; however, they are also considered as a main security threat to businesses as well as individuals ...
Windows 7/10 stores profiles of wireless networks, to which a system has been connected. ArtiFast can locate and parse this data, extracting information such as the network name and connection time. This artifact provides an investigator with information on wireless networks that ...
Windows Search is a desktop search platform that was first introduced by Microsoft in Windows Vista and continued with later versions of Windows (Windows 7, 8 and 10). As indicated in the figure below, the service "provides content indexing, property caching, and search results ...
The Microsoft Remote Desktop Connection (RDC) allows a user to connect and gain access to other Windows systems over a network. It is a built-in application that implements Remote Desktop Protocol (RDP) through Terminal service or Remote Desktop Service to access and control ...
Task scheduler is a component of Windows, which provides a service that allows the system to launch computer programs or scripts at preset times. It monitors the trigger condition chosen by the user and executes when it is met. The task triggers can be calendar based or event-based ...
AnyDesk is a remote desktop application similar to TeamViewer. The software offers a variety of functionality such as remote access and control, file transfer, and VPN. AnyDesk is available for desktop computers including Windows, macOS, and Linux. It is also available for ...
Torch Browser is a web browser and an Internet suite developed by Torch Media. Torch is known for its media grabber, where it provides users with high-speed audio and video downloading capabilities, its built-in Torrent Manager, player, music, tons of free games, and the ...
Link Files are Windows shortcut files created automatically by the Windows operating system whenever a user accesses a local or remote file or document. These files, however, can also be created manually by the user. LNK files can point to executables or any other file on the ...
Thumbs.db files are hidden Windows system files generated in the same directory of each folder on the system. These files are used to cache the thumbnail images that represent the contents within the folders when Windows Explorer is set to the thumbnails or filmstrip view ...
The Jump Lists feature was first introduced with Windows 7 and continued in later versions of Windows systems including Windows 11. The feature is designed to provide the user with quick access to recently accessed application files and common tasks ...
Vivaldi Web Browser is a cross-platform web browser developed by Vivaldi Technologies. It is best known for being fast, private, and secure as it is capable of blocking ads and trackers. What makes Vivaldi unique is that it comes in with many built-in features, and it puts the user ...
In a digital forensic examination, identifying and collecting general information about the system(s) under investigation is essential. One basic piece of information to identify during an examination is the device or computer name. In Windows systems, the computer name is maintained in the System ...
Windows 10 Maps is an online mapping client software, where the process is served using geographic information systems on the Internet. Windows 10 Maps was developed by Microsoft Corporation, and it is available for Windows 8/10, Xbox One system software, and Xbox Series X/S ...
Despite the advances in technology, the use of paper and printers will not disappear anytime during the foreseeable future. Many sectors and societies still rely heavily on printed documents. That is why it is important to be able to retrieve information related to the printers the system ...
Evernote is one of the most popular note-taking applications. It provides users with a synchronized storage service using cloud servers, where they can save and organize their notes, ideas, photos, documents, and data from any device at any time they would need. It supports multiple ...
The Windows Registry maintains a great deal of information regarding system configuration, user activity and so on. Installed Programs artifact is among the useful artifacts extracted from the registry hives. The artifact contains details about the applications installed on the system ...
7-Zip is a free and open-source file archiver program that can compress files, store them in compressed containers called "archives", and can decompress them as well. 7-Zip has its archive format, 7z, with a .7z file extension, but it can also read and write a variety of other formats. 7-Zip was ...
Windows Services is a key component of the Windows operating system that allows long-running processes to be created and managed in their own sessions. These services start running in the background usually on system boot without any user interaction and can continue to run long after ...
MUI stands for Multilingual User Interface. It is a technology that allows Windows systems to have a single application localized for multiple languages. Developers create an .MUI file for each language supported by the application and these files enable the user to switch the language ...
TeamViewer is a software that allows remote access and control of computers and other devices. It is known for being reliable, fast, easily accessible, and for the use of secure digital communication technology. TeamViewer is mainly used in web conferencing and remote administration ...
Windows Registry is an essential component of Windows operating systems. It maintains a wealth of information related to the user activity on the system, default settings, configurations and more. The Microsoft\Windows NT\CurrentVersion key within the Software hive is one of the ...
WinRAR is a file archiver program. It can combine and compress several files together into one archive file. WinRAR can create and view its archive format RAR, with a .rar file extension, or archives with the ZIP file formats, and can decompress multiple other archive file formats. WinRAR was ...
Users often search for things on their devices through the built-in search capability that comes with their systems. Windows systems maintain a list of the keywords that were searched for on the system in different locations depending on the version in use. In recent versions of Windows ...
In this blog post, we will be solving a challenge designed by Cyber Defenders. Below is the solution to the challenge, solved using ArtiFast Windows. Artifacts Covered in this Challenge, Registry Artifacts: System Information, Wireless Networks, User Accounts, Profiles List ...
VMware or Virtual Machine Software is a host workstation that runs on both Windows and Linux operating systems. VMware provides its users with the ability to operate multiple virtual machines on a single physical machine, and each one may run its own operating system ...
All versions of Windows systems include a Registry Editor (regedit.exe). This tool allows users to view the Windows registry and perform various functions within the registry such as creating, modifying and deleting keys, subkeys values and value data. The Last Accessed Key artifact ...
Sticky Notes is a desktop note-taking application that came with Windows 7, Windows 8, and Windows 10. It’s known for its instant launching as it enables its users to quickly and easily take notes on the post-it notes version of Windows ...
TypedURLs is a Windows Registry key that is similar in concept to TypedPaths key. The key records URLs typed or inserted in the Internet Explorer (IE) address bar. URLs that are completed by the browser’s AutoComplete functionality are not recorded in the key unless the website was ...
In this blog post, we will be solving a challenge designed by Cyber Defenders using ArtiFast Windows. In this challenge, a security professional is joining a new company and was assigned a task to demonstrate her technical expertise (full scenario) ...
TypedPaths is a Windows Registry key that records the last 25 paths typed or inserted into the path bar of File Explorer (previously known as Windows Explorer). The typed paths, however, do not appear instantly within the TypedPaths key. The user has to close the File Explorer window ...
Calendar is a built-in Windows application developed by Microsoft. Calendar helps users in managing their schedules, meetings, reminders, appointments, and different types of events. It also enables the synchronization of calendars using Microsoft Exchange Server, Outlook, Apple's iCloud ...
Mailboxes make an essential part of our lives since it is considered one of the most important methods of communication in the 21st century. In accordance, the forensics of mailboxes is a crucial part of digital forensics. Forensic searches are carried out to investigate and find any leads ...
Chrome is an open-source web browser developed by Google. Chrome Web browser is known for its fast performance, security, and privacy. The web browser is available for desktop (Windows, macOS, Linux, OpenBSD, FreeBSD and Fuchsia) and mobile devices (Android and iOS) ...
Mozilla Thunderbird was developed by the Mozilla Foundation as an open-source cross-platform email application that provides personal information management, news client, chat client and RSS feed. Thunderbird was designed to adopt the style of Mozilla's Firefox web browser ...
Opera is a multi-platform web browser developed by Opera Software. Opera Web browser is known for its small size, speed and stability. The web browser is available for desktop (Windows, macOS, and Linux) and mobile devices (Android and iOS) ...
Microsoft Windows tracks and records user's view settings and preferences while exploring folders. These view settings (size, view mode, position, etc.) of a folder window are stored in Shellbags registry keys. Shellbags keep track of the view settings of a folder window once the folder has been viewed ...
Facebook Messenger is an Instant Messaging (IM) service, and it ranks second among the most popular social network platforms. With more than one billion daily active users on average, it is a rich platform for investigators ...
Firefox is an open-source web browser that was developed by Mozilla. Firefox is known and praised for its security and privacy-concerned approach. The web browser is available for desktop (Windows, macOS and Linux) and for mobile devices (Android and iOS) ...
In this blog post, we will be solving a challenge designed by Cyber Defenders using ArtiFast Windows. The purpose of this challenge is to analyze the disk image acquired from the suspect’s laptop to determine whether the person in question was performing illegal activities (scenario) ...
Signal is a cross-platform messaging application which enables users to send and receive one-to-one and group messages including texts, voice notes, files, photos, videos, and make voice and video calls. Signal was released initially in July 2014 and has become one of the most popular instant messaging applications ...
Google Drive is a service developed by Google for file storage and synchronization. Launched in April 2012, Google Drive helps users to store files, synchronize files between computers, and exchange files on their servers. Moreover, Google Drive offers offline capabilities as part of the Google Docs Editors office suite ...
LastVisitedMRU is a Windows registry key that tracks the applications used to open or save files that are documented in the OpenSaveMRU key. The key also tracks the location of the last file that was accessed (opened or saved) by that application. This is how the "Open"/"Save As" Windows shell dialog box keeps track of the ...
OpenSaveMRU is a Windows registry key that tracks files that have been accessed by any application through the "Open" or "Save As" Windows shell dialog box. This key differs slightly between Windows XP and Windows Vista and beyond (OpenSaveMRU on Windows XP and 2003; OpenSavePidMRU on Vista through Windows 10 systems) ...
Brave is an open-source web browser developed by Brave Software. Brave web browser is known for its fast performance, security, and privacy. The web browser is available for desktop (Windows and macOS) and mobile devices (Android and iOS) ...
In this blog post, we will be solving another challenge designed by Cyber Defenders using the full version of ArtiFast Windows. In this case, an attacker has compromised an organization’s web server through their website. The purpose of this challenge is to analyze the image provided and specify how the breach occurred and to ...
OneDrive is a file hosting service that offers cloud storage, file synchronization, personal cloud, and client software. OneDrive brings files together in one place by creating a special folder on the user's computer. The contents of these directories are synchronized to the servers of OneDrive and other computers and systems ...
UC Browser is a web browser developed by mobile internet company UCWeb. UC Browser is known for providing a fast, secure, video streaming, high-speed downloads, and an ad-free browsing experience. It is an easy-to-use and simple web browser. It is available for desktop (Windows and macOS) and mobile devices (Android and iOS) ...
Zoom is one of the leading cloud-based video conferencing and messaging software. The video telephony software allows multiple participants to communicate concurrently. Its popularity spiked during the COVID-19 pandemic period of 2019-2020 by gathering the interest of people on both personal and business levels. It is used by banks, schools ...
WhatsApp is a cross-platform application owned by Facebook. The platform supports sending and receiving text and voice messages, photos, documents, videos, and locations. WhatsApp provides all these features along with voice and video calls for one-to-one chats and group chats.
Skype is a software that allows users to communicate with one another and is used by millions of individuals and companies to make free video and voice one-to-one and group calls, send instant messages, and exchange files with others. Skype can be used on laptops, mobile devices, or tablets and is available for Microsoft Windows, Apple macOS, and ...
Windows Update log is a log or record of all notable changes made to a Windows system. Every detail of each update implemented by the Windows Update service is recorded by the Windows System. If anti-malware software is installed, the history of its updates is also recorded. Any third-party software built on the device can also capture ...
Windows Photos is an image organizer, graphic editor, and video editor by Microsoft. In Windows 8, it was originally released as a better alternative for Windows Photo Viewer. It has integrated Microsoft Sway where selected photographs can also be used as a source for generating a Sway project. In Windows Photos, users can also share ...
In this blog post, we will be solving a challenge designed by Cyber Defenders using the full version of ArtiFast Windows. In this case, the SOC team detected an illegal port scanning activity coming from a disgruntled employee's system who might be getting help from an outsider (full scenario). The purpose of this challenge is to ...
ArtiFast Lite is the free version of ArtiFast. This version of ArtiFast does not require license and it enables users to parse and analyze a subset of Windows artifacts ...
Box Sync is a productivity platform that helps mirror Box-saved data to the user’s desktop. Without using a web browser, the user can access and change the content stored on the Box website via the native file browsing interface. Offline connectivity is required for content that synchronizes with the user’s computer.
Box is a cloud computing service that offers file sharing, collaboration, and cloud storage. In addition, it allows users to share information with other users and manage content across devices. Box was founded in 2005 and is available on several platforms, such as Windows, macOS, and several mobile platforms.
Prefetch is a Microsoft Windows feature that first appeared in Windows XP. It is a Memory Manager component that can speed up the Windows boot process and reduce the time it takes for programs to start up. It achieves this by storing files required by an application in RAM as soon as the application is launched, thereby reducing disk seeks and consolidating ...
Microsoft Edge is a cross-platform web browser developed by Microsoft. It is known for its high speed, improved security, reading mode, tracking prevention, and for being lightweight. It is also known for providing an organized and easy environment for its users with the integrated Microsoft 365 and Collections feature. The web browser is available for desktop ...
Microsoft Edge web browser, currently known as Microsoft Edge Legacy, is an EdgeHTML-based browser developed by Microsoft. EdgeHTML is a software browser engine that was first introduced as a rendering engine, part of Internet Explorer 11. Then, it was used in the project Spartan web browser and was later named Microsoft Edge. Microsoft Edge Windows ...
iCloud is an Apple Inc. cloud management and cloud computing application launched in October 2011. iCloud allows users to store, share, and send data, files, and documents among users and devices. iCloud is available for Windows, iOS, and macOS devices. In addition, iCloud wirelessly backs up iOS devices directly to iCloud. By connecting accounts via AirDrop ...
Clubhouse is the new hot social media platform that is gaining a ton of traction. The app was launched in April 2020, however, the app found popularity due to the recent appearances of celebrities and public figures such as Elon Musk. Clubhouse is an audio-only social media app; there are no texts, pictures or videos. Users gather in virtual audio chat “rooms” ...
Dropbox is a file hosting service founded in 2007 that offers cloud storage, file synchronization, personal cloud, and client software. Dropbox brings files together in one place by creating a special folder on the user's computer. The contents of these directories are synchronized to the servers of Dropbox and other computers and systems where Dropbox has ...
Internet Explorer is a web browser developed by Microsoft Corporation. It is one of the most known browsers as it was the default web browser for Windows devices from 1995 till January 2015. The Internet Explorer project was started in 1994 as part of an Internet Jumpstart Kit, then over time it gradually developed until it reached its latest version Internet ...
VLC Media Player (VideoLAN Client) has been developed by the VideoLAN community as a free and open source, lightweight, cross-platform media player app, and streaming media server. VLC is available for Linux, iOS, iPadOS, Tizen, Windows 10 Mobile, Windows Phone desktop operating systems, and mobile platforms. VLC accepts many types of audio and video ...
National Institute of Standards and Technology (NIST) provides DFIR challenges to help people learn about various types of challenges and the techniques that can be used to solve them. This challenge provides the following scenario. It is a data leakage case where we are ...
National Institute of Standards and Technology (NIST) provides DFIR challenges to help people learn about various types of challenges and the techniques that can be used to solve them. This challenge provides the following scenario. It is a data leakage case where we are ...
Discord is very popular among gamers for its user-friendly features, high performance and ease of use. It has generated so much praise that even if you are not a "true gamer," you might be familiar with the platform. Although Discord was initially centered around games and gamers ...
Viber PC is a cross-platform voice-over IP (VoIP) and instant messaging (IM) web service provided by the Japanese corporation Rakuten. Viber PC allows users to send any kind of message such as text, video, contact info, and audio, and to exchange and share data with other ...
National Institute of Standards and Technology (NIST) provides DFIR challenges to help people learn about various types of challenges and the techniques that can be used to solve them. This challenge provides the following scenario. This challenge requires we analyze a drive ...
Microsoft Outlook Express is a discontinued Internet-based email program developed by Microsoft Corporation. Outlook Express was part of Internet Explorer in its earlier versions and later became available as standalone software. Outlook Express was intended for home ...
In this blog post, we will be solving a challenge designed by info-sec.box using ArtiFast Windows. The purpose of this challenge is to analyze an image acquired from a lost flash drive to find the flag (challenge). Below is the solution to the challenge, solved using ArtiFast ...
Messenger Plus! is an add-on for Windows Live Messenger and Skype. It was released in May 2001 and provides instant messaging, custom status tags, event and chat logging, auto replies, and the user’s contacts statistics. Messenger Plus! can be used in laptops, mobile devices ...
Microsoft Messaging is an instant messaging platform in Windows 8, Windows 10, and Windows 10 mobile environments. It provides messaging and voice/video calling services. SMS, MMS, and RCS messaging are all supported on the web edition. SMS messages sent via Skype and billing ...
Social networking applications are essential in today's world. They bypass physical and social boundaries shaping the way people communicate with each other. Twitter is one of the most popular online social networking apps. It is available for installation on the desktop ...
Messenger Plus! is an add-on for Windows Live Messenger and Skype. It was released in May 2001 and provides instant messaging, custom status tags, event and chat logging, auto replies, and the user’s contacts statistics. Messenger Plus! can be used in laptops, mobile devices ...