Investigating Android AVG Antivirus
19/07/2024 Friday
AVG Antivirus is a security program designed to defend computers and mobile devices from viruses, spyware, and other malicious software. The software continuously monitors the host device to detect and isolate any potential threats. AVG Antivirus scans the host environment to detect existing infections. Additionally, it offers real-time protection by examining incoming email attachments, downloaded files, and other potential sources of infection.
Digital Forensics Value of Android AVG Antivirus
AVG artifacts can provide valuable information regarding viruses or other malicious software that might exist on a device. For instance, AVG logs can reveal the date and time a certain threat was detected, the threat’s type, and its location on the device. This information can aid investigators in determining whether a computer has been compromised and how it was compromised. In addition, this information can be useful when constructing a chronological overview of events that occurred on a target system.
Location and Structure of Android AVG Antivirus Artifacts
Android AVG Antivirus artifacts can be found at the following location:
data/data/com.antivirus/databases/scanner.db
Analyzing Android AVG Antivirus Artifacts with ArtiFast
This section will discuss how to use ArtiFast to extract Android AVG artifact from Android device's files and what kind of digital forensics insights we can gain from the artifact.
After you have created your case and added evidence for the investigation, at the Artifact Selection phase, you can select Android AVG artifact:
×
Once ArtiFast parser plugins complete processing the artifact for analysis, it can be reviewed via “Artifact View” or “Timeline View,” with indexing, filtering, and searching capabilities. Below is a detailed description of Android AVG artifact in ArtiFast.
Android AVG Network Scans
- Date/Time: The network scanning date and time.
- Network SSID: Network SSID.
- Gateway Mac Address: The Router/WIFI Mac Address.
Android AVG Open Wi-Fi Networks
- Date/Time: Date and time last connected to open Wi-Fi.
- SSID: Wi-Fi Network name.
Android AVG Wi-Fi Speed
- Date/Time: Wi-Fi Speed Check Date and time.
- Network SSID: Network SSID.
- Gateway Mac Address: The Router/WIFI Mac Address.
Android AVG Application Cache
- Date/Time: Date of Scanned of the file.
- Package Name: Package name of the application.
Android AVG Found Viruses
- Package Name: Package name of the application.
- Infection Name: Infection name/malware.
- File Location: Path of virus/file located in the device.
Android AVG Ignored Results
- Package Name: Package name of the application.
- File Location: Path of virus/file located in the device.
For more information or suggestions please contact: ekrma.elnour@forensafe.com
