Investigating Window AVG AntiVirus
24/02/2023 Friday
AVG Antivirus is a security program designed to defend computers from viruses, spyware, and other forms of malicious software. The software operates by continuously monitoring the computer to detect and isolate any potential threats. To detect existing infections, AVG Antivirus carries out routine scans of the computer's hard drive, memory, and other storage spaces. Additionally, it offers real-time protection by examining incoming email attachments, downloaded files, and other potential sources of infection.
Digital Forensics Value of AVG AntiVirus
AVG artifacts can provide valuable information regarding viruses or other malicious software that might exist on a computer. For instance, AVG logs can reveal the date and time a certain threat was detected, the threat’s type, and its location on the computer. This information can aid investigators in determining whether a computer has been compromised and the manner in which it was compromised. In addition, this information can be useful when constructing a chronological overview of events that occurred on a target system.
Location of AVG AntiVirus Artifacts
AVG AntiVirus artifacts are found in the following location:
%systempartititon%:\Users\%username%\AppData\Local\AVG\Antivirus
%systempartititon%:\ProgramData\AVG\Antivirus\
Analyzing AVG AntiVirus with ArtiFast
This section will discuss how to use ArtiFast to extract AVG AntiVirus from Windows and what kind of digital forensics insights we can gain from the artifacts.
After you have created your case and added evidence for the investigation, at the Artifact Selection phase, you can select AVG AntiVirus artifacts.
×
Once ArtiFast parser plugins complete processing the artifact for analysis, it can be reviewed via “Artifact View” or “Timeline View,” with indexing, filtering, and searching capabilities. Below is a detailed description of Window AVG AntiVirus artifacts in ArtiFast.
AVG Antivirus Detected Threats Artifact
- Date - The date and time the virus was detected.
- Path - The path of the infected file.
- Session ID - The ID of the session it was detected in.
- Virus Name - Indicates the virus type.
- ID - The ID of the threat.
Windows AVG Antivirus Smart Scan Log Artifact
- Date - The date and time when the last scan attempt was started.
- File ID - The ID of the file.
- File Size - The size of the file.
- Is Completed - This shows if the lats scan was completed successfully or not.
- Serial Number - The volume serial number that the file is stored in.
- Filename - Name of the file.
For more information or suggestions please contact: [email protected]
