
Investigating AnyDesk

24/12/2021 Friday

AnyDesk is a remote desktop application similar to TeamViewer. The software offers a variety of functions such as remote access and control, file transfer, and VPN. AnyDesk is available for desktop operating systems including Windows, macOS, and Linux. It is also available for smartphones and tablets running the iOS/iPadOS or Android operating systems.

Digital Forensics Value of AnyDesk Artifacts

AnyDesk and other remote desktop applications are widely used because of their many capabilities; however, they can also pose a serious threat to individuals as well as businesses. Threat actors can take advantage of such software to gain unauthorized access to the victim or target device in order to steal sensitive or confidential data, distribute malware, and so on. Hence, it is important to be able to view and analyze critical artifacts related to remote access applications.

Location of AnyDesk Artifacts

In Windows systems, AnyDesk artifacts are found in the following two locations:

Analyzing AnyDesk Artifacts with ArtiFast Windows

This section discusses how to use ArtiFast Windows to analyze AnyDesk artifacts from Windows machines and what kind of digital forensics insight we can gain from the artifacts.

After you have created your case and added evidence for the investigation, at the Artifacts Selection phase, you can select AnyDesk artifacts:

Once the ArtiFast parser plugins finish processing the artifacts for analysis, the results can be reviewed via “Artifact View” or “Timeline View”, with indexing, filtering, and searching capabilities. Below is a detailed description of AnyDesk artifacts in ArtiFast Windows.

AnyDesk Actions Log Artifact

AnyDesk Chat Sessions Artifact

AnyDesk Connections Trace Artifact

AnyDesk Services Log Artifact

AnyDesk Session Recordings Artifact

AnyDesk Thumbnails Artifact

AnyDesk Unattended Session Password Artifact

AnyDesk User Configurations Artifact

For more information or suggestions please contact: