Sticky Notes is a desktop note-taking application that came with Windows 7, Windows 8, and Windows 10. It’s known for its instant launching as it enables its users to quickly and easily take notes on the post-it notes version of Windows.
Sticky Notes can contain a valuable amount of information about Windows user activities as it can capture small and big notes, images, and can create reminders with the help of Cortana. Sticky notes can also identify addresses, emails, and phone numbers.
Sticky Note built-in application artifacts are stored at:
Sticky Note Windows application artifacts are stored at:
Sticky Notes structure is made of a database file that is used for storing Sticky Notes information.
This section will discuss how to use ArtiFast to extract Sticky Notes artifacts from Windows machines and
what kind of digital forensics insight we can gain from the artifacts.
After you have created your case and added evidence for the investigation, at the Artifacts Selection phase, you can select Sticky Notes Artifact:
Once ArtiFast parser plugins complete processing artifacts for analysis, it can be reviewed via “Artifact View” or “Timeline View”, with indexing, filtering, and searching capabilities. ArtiFast can analyze both Sticky Notes Windows application and Sticky Notes built-in application. Below is a detailed description of both artifacts in ArtiFast Windows.
Sticky Notes (Builtin) Artifact
This artifact contains information of the sticky note built-in application such as:
Sticky (Win Apps) Notes Artifact
This artifact contains information of Sticky Note Windows application such as:
For more information or suggestions please contact: firstname.lastname@example.org