
Investigating Windows MalwareBytes

13/01/2023 Friday

Malwarebytes is cross-platform anti-malware software. It is considered among the top 10 anti-malware products around the world. The software can detect various types of advanced malware using advanced algorithms and cloud-based systems. It also uses AI to collect information about detected malware from users around the world, making the software effective against a wide range of malware.

Digital Forensics Value of MalwareBytes


Due to its high performance, Malwarebytes has established a large client base around the world, which raises the possibility of finding Malwarebytes on a suspect’s device. Information about the course of events and the threats detected on a system can be of great aid during a forensic investigation.

Location of MalwareBytes Artifacts


MalwareBytes artifacts are found in the following location:
%systempartition%\ProgramData\Malwarebytes\MBAMService\ScanResults
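
Before loading the folder into any parser, it helps to record what it contains. The following is an added example, not ArtiFast or Malwarebytes code: it inventories the ScanResults folder of a read-only mounted image with size, SHA-256 and modification time for each file. The mount root, the function name and the guess that result files may be JSON are assumptions; no field names are assumed.

```python
import hashlib
import json
import tempfile
from datetime import datetime, timezone
from pathlib import Path

# Relative path from the page, below the root of the system partition.
SCAN_RESULTS = Path("ProgramData/Malwarebytes/MBAMService/ScanResults")


def inventory_scan_results(mount_root):
    """Return one record per file in the ScanResults folder of a mounted image."""
    folder = Path(mount_root) / SCAN_RESULTS
    if not folder.is_dir():
        return []  # Malwarebytes absent, or the folder was removed
    records = []
    for path in sorted(p for p in folder.iterdir() if p.is_file()):
        data = path.read_bytes()
        record = {
            "name": path.name,
            "size": len(data),
            "sha256": hashlib.sha256(data).hexdigest(),
            "modified_utc": datetime.fromtimestamp(
                path.stat().st_mtime, tz=timezone.utc).isoformat(),
            "top_level_keys": None,  # stays None when the file is not JSON
        }
        try:
            # Assumption: result files may be JSON; no field names are assumed.
            doc = json.loads(data.decode("utf-8-sig"))
            if isinstance(doc, dict):
                record["top_level_keys"] = sorted(doc)
        except (UnicodeDecodeError, json.JSONDecodeError):
            pass
        records.append(record)
    return records


if __name__ == "__main__":
    # Constructed sample evidence tree so the example runs offline.
    with tempfile.TemporaryDirectory() as root:
        folder = Path(root) / SCAN_RESULTS
        folder.mkdir(parents=True)
        (folder / "sample-a.json").write_text('{"constructedKey": 1}')
        (folder / "sample-b.bin").write_bytes(b"\xff\xfe not json")
        for rec in inventory_scan_results(root):
            print(rec)
```

An empty result means the folder is missing under that mount root; on a case-sensitive mount, check the directory name casing before concluding Malwarebytes was never installed.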

Analyzing MalwareBytes with ArtiFast


This section discusses how to use ArtiFast to extract MalwareBytes artifacts from Windows and what kind of digital forensics insight we can gain from them.

After you have created your case and added evidence for the investigation, at the Artifact Selection phase, you can select Windows MalwareBytes artifacts:






Once ArtiFast parser plugins complete processing the artifact for analysis, it can be reviewed via “Artifact View” or “Timeline View,” with indexing, filtering, and searching capabilities. Below is a detailed description of Windows MalwareBytes artifacts in ArtiFast.


MalwareBytes Detected Threats Artifact



