Kaspersky Antivirus is a Russian based anti-virus protection software that uses a combination of signature-based malware detection, advanced machine learning along with a cloud based security database. It offer its users maximum protection from various types of threats including viruses, worms, ransomwares and many others.
Kaspersky Antivirus is one of the most popular antivirus software around the world and it has the largest market share in Europe. Given its popularity and wide usage, it is considered an important source of evidentiary information as it enables us to collect valuable information about the course of events and the threats detected on a system.
By default, artifacts left behind by Kaspersky Antivirus are stored in the following location:
C:\ProgramData\Kaspersky Lab\AVP21.3\Data
*AVP21.3 might be named differently according to the version number
This section will discuss how to use ArtiFast to extract Kaspersky Antivirus artifacts from Windows machines and what kind of digital forensics insight we can gain from the artifacts.
After you have created your case and added evidence for the investigation, at the Artifact Selection phase, you can select Kaspersky Antivirus artifacts:
Once ArtiFast parser plugins complete processing the artifact for analysis, it can be reviewed via “Artifact View” or “Timeline View,” with indexing, filtering, and searching capabilities. Below is a detailed description of Windows Kaspersky Antivirus artifacts in ArtiFast.
Kaspersky Report Artifact
For more information or suggestions please contact: amro.alshadfan@forensafe.com