Investigating User Activity with Windows Artifacts in IEF

Sometimes when conducting forensic examinations, investigators can lose sight of the fact that they’re investigating the actions of a person, not a computer. Almost every event or action on a system is the result of a user either doing something (or not doing something) at a particular time to create that event. It’s important for an investigator to understand how those events on a system correlate to the actions of somebody in the real world.

New with the Business and OS artifacts module in Internet Evidence Finder (IEF) v6.4, Magnet Forensics has added a number of valuable Windows operating system artifacts that will help investigators gain insight into details about a system and its users. These artifacts can be broken down into two categories: system artifacts and artifacts focused around a user’s activity. This blog discusses artifacts based around user activity and how they are relevant to your investigation…

Read More (Magnet Forensics)

Leave a Comment

Latest Videos

This error message is only visible to WordPress admins

Important: No API Key Entered.

Many features are not available without adding an API Key. Please go to the YouTube Feeds settings page to add an API key after following these instructions.

Latest Articles