Investigating Window F-Secure
17/02/2023 Friday
F-Secure Antivirus is a cutting-edge security solution for Windows devices that offers real-time protection against malware, phishing attacks, and other forms of online threats. Equipped with advanced security features, F-Secure Antivirus provides users with a comprehensive and reliable defense mechanism for their devices.
Digital Forensics Value of F-Secure
F-Secure keeps detailed logs of all actions performed on the device, including file changes, network connections, and malicious activities. This information can be useful for forensic investigators to track down the source of a security breach or other digital incident. Additionally, F-Secure Antivirus keep record of not just scan reports but also, reported threats in the hosted machine along with other related information such as user and scoop of the scan, which can be a great help during investigation.
Location of F-Secure Artifacts
F-Secure artifacts are found in the following location:
%systempartititon%\ProgramData\F-Secure\Quarantine\Repository\info
%systempartititon%\Users\%username%\AppData\Local\F-SECURE\AntiVirus\ScanningReports\
Analyzing F-Secure with ArtiFast
This section will discuss how to use ArtiFast to extract F-Secure from Windows and what kind of digital forensics insights we can gain from the artifacts.
After you have created your case and added evidence for the investigation, at the Artifact Selection phase, you can select F-Secure artifacts.
×
Once ArtiFast parser plugins complete processing the artifact for analysis, it can be reviewed via “Artifact View” or “Timeline View,” with indexing, filtering, and searching capabilities. Below is a detailed description of Window F-Secure artifacts in ArtiFast.
F-Secure Scan Reports Artifact
- Date - The date and time the scan started.
- Threat Name - The threat name.
- Action - Action taken.
- Scan Type - The scan type.
- Targets - The targets that were scanned.
- Thread Path - The thread path.
- Computer Name - The computer name.
F-Secure Detected Threats Artifact
- Date - Date and time thread was detected.
- Last Write Date/Time - The time the infected file was last edited.
- Creation Date/Time - Time and date the infected file was created system time.
- User Name - The user name.
- Threat Name - The threat name.
- Domain Name - The security clearance of the user.
- Path - Path of the file.
- Last Access Date/Time - Time and date the infected file was last accessed system time.
- Computer Name - The computer name.
- User ID - The User ID.
- Size - The file size.
For more information or suggestions please contact: ekrma.elnour@forensafe.com
