Blog >> Sticky Notes

Investigating Sticky Notes

18/10/2021 Monday

Sticky Notes is a desktop note-taking application that came with Windows 7, Windows 8, and Windows 10. It’s known for its instant launching as it enables its users to quickly and easily take notes on the post-it notes version of Windows.

Digital Forensics Value of Sticky Notes

Sticky Notes can contain a valuable amount of information about Windows user activities as it can capture small and big notes, images, and can create reminders with the help of Cortana. Sticky notes can also identify addresses, emails, and phone numbers.

Location of Sticky Notes Artifact

Sticky Note built-in application artifacts are stored at:

C:\Users\informant\AppData\Roaming\Microsoft\Sticky Notes\StickyNotes.snt

Sticky Note Windows application artifacts are stored at:


Structure of Sticky Notes Artifact

Sticky Notes structure is made of a database file that is used for storing Sticky Notes information.

Analyzing Sticky Notes Artifact with ArtiFast Windows

This section will discuss how to use ArtiFast to extract Sticky Notes artifacts from Windows machines and what kind of digital forensics insight we can gain from the artifacts.

After you have created your case and added evidence for the investigation, at the Artifacts Selection phase, you can select Sticky Notes Artifact:

Once ArtiFast parser plugins complete processing artifacts for analysis, it can be reviewed via “Artifact View” or “Timeline View”, with indexing, filtering, and searching capabilities. ArtiFast can analyze both Sticky Notes Windows application and Sticky Notes built-in application. Below is a detailed description of both artifacts in ArtiFast Windows.

Sticky Notes (Builtin) Artifact

This artifact contains information of the sticky note built-in application such as:

Sticky (Win Apps) Notes Artifact

This artifact contains information of Sticky Note Windows application such as:

For more information or suggestions please contact: