Investigating Windows MalwareBytes
13/01/2023 Friday
Malwarebytes is a cross platform anti malware software. It is considered among the top 10 antimalware software around the world. The software has the ability to detect various types of advanced malware using advanced algorithms and cloud-based systems. It also uses AI to collect information about the detected malware from users around the world making the software effective against a wide range of malware.
Digital Forensics Value of MalwareBytes
Due to Malwarebytes high performance, it is managed to establish a large client base around the world which raises the possibility of finding Malwarebytes in a suspect’s device. Having information about the course of events and the threats detected on a system can be of great aid during forensic investigation.
Location of MalwareBytes Artifacts
MalwareBytes artifacts are found in the following location:
%systempartititon%\ProgramData\Malwarebytes\MBAMService\ScanResults
Analyzing MalwareBytes with ArtiFast
This section will discuss how to use ArtiFast to extract MalwareBytes from Windows and what kind of digital forensics insight we can gain from the artifacts.
After you have created your case and added evidence for the investigation, at the Artifact Selection phase, you can select Windows MalwareBytes artifacts:
×
Once ArtiFast parser plugins complete processing the artifact for analysis, it can be reviewed via “Artifact View” or “Timeline View,” with indexing, filtering, and searching capabilities. Below is a detailed description of Windows MalwareBytes artifacts in ArtiFast.
MalwareBytes Detected Threats Artifact
- Date - The date and time the threat was detected.
- Action - The action that was taken against the threat.
- Path - The path of the detected threat.
- Malware - The name of the malware.
- Hash - The hash of the infected file.
- Username - The name of the user the threat was detected in.
- Type - The type of the infected file .
- OS - The operating system.
- Size - The size of the infected file.
For more information or suggestions please contact: [email protected]
