Once ArtiFast parser plugins complete processing artifacts for analysis, it can be reviewed via “Artifact View” or “Timeline View,” with indexing, filtering, and searching capabilities.
This section will discuss how to use ArtiFast Windows to analyze Windows Photos artifacts from Windows machines and what kind of digital forensics insights we can gain from the artifacts.Īfter you have created your case and added evidence for investigation, at the Artifacts Parser Selection Phase, you can select Windows Photos artifacts: This Database file contains 100+ tables, however, only a subset of these tables contains forensically valuable information.Īnalyzing Windows Photos Artifacts with ArtiFast Windows Windows Photos artifacts are found within the MediaDb.v1.sqlite database file. In Windows 10 Windows Photos artifacts are located at:Ĭ:\Users\%username%\AppData\Local\Packages\_8wekyb3d8bbwe\LocalState\MediaDb.v1.sqlite Tracking such information is critical during the digital forensic analysis process and helps us understand the types of artifacts that are likely to remain for digital forensics investigators. Windows Photos artifacts provide information and data about files, images, and graphics that a user created, edited, and deleted.
In Windows Photos, users can also share images by uploading them to OneDrive, Facebook, Twitter, Instagram, and GroupMe.ĭigital Forensics Value of Windows Photos Artifacts It has integrated Microsoft Sway where selected photographs can also be used as a source for generating a Sway project. In Windows 8, it was originally released as a better alternative for Windows Photo Viewer. Windows Photos is an image organizer, graphic editor, and video editor by Microsoft.
0 kommentar(er)
