Avast is a well-known cybersecurity software company that provides antivirus and internet security solutions for both individuals and businesses. Its products provide protection against viruses, malware, spyware, and other online threats. They also offer features such as firewall protection, real-time scanning, and email protection. Avast is available for Windows, Mac, and mobile devices and has both free and paid versions with different levels of protection and features.
As a security software, Avast antivirus can be a great source of information since it provides information and logs on the activity of a device. This may be useful in reconstructing events or identifying potential threats. For instance, Avast's real-time scanning and threat detection feature can generate logs of detected malware or other malicious activity, which may be useful in determining the origin or nature of an incident. Additionally, Avast's quarantine feature can preserve potentially malicious files for later analysis by forensic investigators.
Avast Antivirus artifacts are found in the following location:
%systempartititon%\ProgramData\Avast Software\Avast\Log.db
%systempartititon%\Users\%username%\AppData\Local\AVAST Software\Avast\datascan.json
This section will discuss how to use ArtiFast to extract Avast Antivirus from Windows and what kind of digital forensics insights we can gain from the artifacts.
After you have created your case and added evidence for the investigation, at the Artifact Selection phase, you can select Avast Antivirus artifacts.
Once ArtiFast parser plugins complete processing the artifact for analysis, it can be reviewed via “Artifact View” or “Timeline View,” with indexing, filtering, and searching capabilities. Below is a detailed description of Windows Avast Antivirus artifacts in ArtiFast.
Avast Antivirus Smart Scan logs Artifact
Avast Detected Threats Artifact
For more information or suggestions please contact: ekrma.elnour@forensafe.com