Adobe Acrobat Reader is a software developed by Adobe Inc. to manage Portable Document Format (PDF) files. It was initially developed to preview PDF files but it is now supporting many other features such as editing, e-signing, and format-converting. The basic features are available to users for free, however, the app has a set of premium features available on a paid subscription.
Adobe Acrobat Reader is widely used by users across different platforms. It collects and stores important information not only about the browsed files but also about users’ accounts. Analyzing such information can provide examiners with substantial information that will support digital forensic investigations.
The location of Adobe Acrobat Reader artifacts has changed from the previously published blog.
Artifacts now can be retrieved from the NTUSER.dat registry hive at the following location:
This section will discuss how to use ArtiFast Windows Adobe Acrobat artifacts from Windows machines and what kind of digital
forensic insights we can gain from the artifacts.
After you have created your case and added evidence for the investigation, at the Artifact Selection phase, you can select Adobe Acrobat artifacts.
ArtiFast can analyze Adobe Acrobat Recent Files, Recent Locations, General Info, Favorite Files, and User Information. For demonstration purposes, all the artifacts have been chosen, however, you have the option to select one or more artifacts.
Once ArtiFast parser plugins complete processing artifacts for analysis, it can be reviewed via “Artifact View” or “Timeline View,” with indexing, filtering, and searching capabilities. Below is a detailed description of Windows Adobe Acrobat artifacts in ArtiFast.
Adobe Acrobat Favorite Files
Adobe Acrobat General Info
Adobe Acrobat Recent Files
Adobe Acrobat Recent Locations
Adobe Acrobat User Information
For more information or suggestions please contact: firstname.lastname@example.org