Sometimes when conducting forensic examinations, investigators can lose sight of the fact that they’re investigating the actions of a person, not a computer. Almost every event or action on a system is the result of a user either doing something (or not doing something) at a particular time to create that event. It’s important for an investigator to understand how those events on a system correlate to the actions of somebody in the real world.
New with the Business and OS artifacts module in Internet Evidence Finder (IEF) v6.4, Magnet Forensics has added a number of valuable Windows operating system artifacts that will help investigators gain insight into details about a system and its users. These artifacts can be broken down into two categories: system artifacts and artifacts focused around a user’s activity. This blog discusses artifacts based around user activity and how they are relevant to your investigation…