Investigating Windows Avast Antivirus
10/02/2023 Friday
Avast is a well-known cybersecurity software company that provides antivirus and internet security solutions for both individuals and businesses. Its products provide protection against viruses, malware, spyware, and other online threats. They also offer features such as firewall protection, real-time scanning, and email protection. Avast is available for Windows, Mac, and mobile devices and has both free and paid versions with different levels of protection and features.
Digital Forensics Value of Avast Antivirus
As a security software, Avast antivirus can be a great source of information since it provides information and logs on the activity of a device. This may be useful in reconstructing events or identifying potential threats. For instance, Avast's real-time scanning and threat detection feature can generate logs of detected malware or other malicious activity, which may be useful in determining the origin or nature of an incident. Additionally, Avast's quarantine feature can preserve potentially malicious files for later analysis by forensic investigators.
Location of Avast Antivirus Artifacts
Avast Antivirus artifacts are found in the following location:
%systempartititon%\ProgramData\Avast Software\Avast\Log.db
%systempartititon%\Users\%username%\AppData\Local\AVAST Software\Avast\datascan.json
Analyzing Avast Antivirus with ArtiFast
This section will discuss how to use ArtiFast to extract Avast Antivirus from Windows and what kind of digital forensics insights we can gain from the artifacts.
After you have created your case and added evidence for the investigation, at the Artifact Selection phase, you can select Avast Antivirus artifacts.
×
Once ArtiFast parser plugins complete processing the artifact for analysis, it can be reviewed via “Artifact View” or “Timeline View,” with indexing, filtering, and searching capabilities. Below is a detailed description of Windows Avast Antivirus artifacts in ArtiFast.
Avast Antivirus Smart Scan logs Artifact
- Date - The date and time when the last scan started.
- File Size - File size (Bytes).
- File Name - The file name.
- File ID - Indicates which type of access authority the user had on the file.
- Volume Serial - The serial number of volume where the file had been stored.
- Last Scan Complete - Indicates if the last scan was completed.
Avast Detected Threats Artifact
- Date - Detection date and time.
- Error - Indicates if there was an error.
- Threat - The threat name.
- Path Name - The file path.
- Virus Flags - The virus flags.
- Threat Type - The threat type.
- Detection ID - The detection ID.
- Detection Session Id - The detection session ID.
- Flags - Detection flags.
For more information or suggestions please contact: ekrma.elnour@forensafe.com
