I am currently working on finding artifacts for windows 8.1 metro apps for PC environment.It was possible to locate the artifacts and even to manually analyze the app data artifacts.Are there any commercial/free/open source tools available for parsing windows 8.1 PC based metro apps data as they(IEF,Belkasoft) do for parsing Internet based artifacts for PC environment..??…Thanks in advance and Happy New Year to all….
I am currently working on finding artifacts for windows 8.1 metro apps for PC environment.It was possible to locate the artifacts and even to manually analyze the app data artifacts.Are there any commercial/free/open source tools available for parsing windows 8.1 PC based metro apps data as they(IEF,Belkasoft) do for parsing Internet based artifacts for PC environment..??…Thanks in advance and Happy New Year to all….
I would think that it would depend a great deal on exactly what data you're referring to…that is, where it's located, how it's formatted, etc.
Thanks for the reply..i am referring to the metro app data…for e.g. Facebook metro app….all the artifacts such as post/messages/notifications are stored in .sqlite databases inside the packages directory….e.g. C\Users\{users}\AppData\Local\Packages\Facebook.Facebook_8xx8rvfyw5nnt
Any views on this??
You may want to try my Forensic Browser for SQLite software. It is a generic SQLite Forensic browser so you can create simple or complex reports on any SQLite database. You can easily change timestamps (and timezones) as well as show blobs as pictures, create geolocated maps etc…
More importantly from your point of view there are also some free extensions either written by my self or others that allow some of the custom data formats that are stored by certain applications (such as the blobs in Facebook orca2.db) to be displayed as useful readable text.
There is more information on the Browser (part of the Forensic Toolkit for SQLite) at the following link, as well as a form to request a fully functional demo.
http//
Cheers and Happy New Year )
Paul