Investigating Window Avira Antivirus
24/03/2023 Friday
Avira is a security software company that provides customers with secure and private digital solutions. Avira antivirus is one of the company's essential and well known solutions which is available for free. Avira claims that its antivirus software provides protection and repairing services without affecting the performance of the devices.
Digital Forensics Value of Avira Antivirus
Windows Avira Antivirus artifacts retain information about detected threats, device users and activities. This information can help in understanding and constructing events that occurred on a target device.
Location of Avira Antivirus Artifacts
The artifacts can be found at the following location:
%systempartititon%\ProgramData\Avira\Endpoint Protection SDK\quarantine
Analyzing Avira Antivirus with ArtiFast
This section will discuss how to use ArtiFast to extract Avira Antivirus from Windows and what kind of digital forensics insights we can gain from the artifacts.
After you have created your case and added evidence for the investigation, at the Artifact Selection phase, you can select Avira Antivirus artifacts.
×
Once ArtiFast parser plugins complete processing the artifact for analysis, it can be reviewed via “Artifact View” or “Timeline View,” with indexing, filtering, and searching capabilities. Below is a detailed description of Window Avira Antivirus artifacts in ArtiFast.
Avira Detected Threats Artifact
- OS - Indicates the operating system of the device.
- File Path - The file path on the device file system.
- Detected Time - The date and time when the threat was detected.
- Hash - The hash of the file in sha256.
- Threat Name - The name of the threat or malware the file contains.
Avira User Related Information Artifact
- Client ID - The ID of the client.
- Last Ping Time - The date and time when the last ping was sent.
- Detected Time - The date and time when the threat was detected.
- Country - The country the device was connected from.
- IP - The device latest IP.
Avira Reports Artifact
- Action - The applied action discerption.
- Event ID - The identification number of the event.
- Malware Type - The type of the malware that has been detected.
- Malware - The name of the malware.
- Path - The path of the infected file.
- Row ID - The id of the event in the database.
- Source ID - The source ID.
- Type ID - The type ID.
- Event Date - The date when this event has been occurred.
Avira Other Information Artifact
- Event ID - The identification number of the event.
- Row ID - The id of the event in the database.
- Source ID - The source ID.
- Type ID - The type ID.
- Malware - The name of the malware.
- Path - The path of the infected file.
- Values - The values.
- Event Date - The date when this event has been occurred.
For more information or suggestions please contact: kalthoum.karkazan@forensafe.com
