AnyDesk is a remote desktop app that lets you control another computer from anywhere. It creates a secure connection between two computers via the internet, allowing you to access the remote computer's screen, keyboard, mouse, files, and apps as if you were using it directly. The app uses encryption to secure the connection and has features like password protection. In essence, AnyDesk provides a convenient and secure way to work remotely, collaborate with others, or offer tech support. Minor changes occurred since our last blog on Anydesk which can be reviewed from the following link: https://forensafe.com/blogs/anydesk.html
In forensic investigations, the value of AnyDesk lies in information such as Chat sessions, connection traces, and service logs can provide information about the communication and connection history between the remote computer and the local computer. This information can be used to track the activity of a user and determine what actions were taken during a remote session. And Session recordings can provide a visual record of a remote session, which can be useful in reconstructing what happened during the session. The unattended session password can be valuable in accessing the remote computer in an unattended mode, which can be useful for data collection and analysis.
AnyDesk artifacts are found in the following location:
This section will discuss how to use ArtiFast to extract AnyDesk from Windows and what kind of digital forensics insights we can gain from the artifacts.
After you have created your case and added evidence for the investigation, at the Artifact Selection phase, you can select AnyDesk artifacts.
Once ArtiFast parser plugins complete processing the artifact for analysis, it can be reviewed via “Artifact View” or “Timeline View,” with indexing, filtering, and searching capabilities. Below is a detailed description of Window AnyDesk artifacts in ArtiFast.
AnyDesk Chat Sessions Artifact
AnyDesk Connections Trace Artifact
AnyDesk Session Recordings Artifact
AnyDesk Services Log Artifact
AnyDesk Thumbnails Artifact
AnyDesk Unattended Session Password Artifact
AnyDesk User Configurations Artifact
For more information or suggestions please contact: firstname.lastname@example.org