What is the UserAssist artifact? UserAssist is a feature in Windows that tracks the usage of executable files and applications launched by the user. It stores this information in the Windows Registry, which can be accessed by forensic analysts to reconstruct a timeline of application usage and user activity. Specifically, it is located within the … Continued
APPLICATION NAME: WhatsApp Messenger CATEGORY: Chat RELATED ARTIFACTS: WhatsApp Contacts, WhatsApp Messages OPERATING SYSTEMS: iOS, Android SOURCE LOCATION: iOS – /root/var/mobile/Applications/net.whatsapp.WhatsApp/Documents/ChatStorage.sqlite Android – /data/data/com.whatsapp/databases/msgstore.db Android – /data/data/com.whatsapp/databases/wa.db Android –/sdcard/WhatsApp/Databases/msgstore.db.crypt* Importance to Investigators Android For Android devices, there are two SQLite databases of value for examiners recovering WhatsApp artifacts: msgstore.db and wa.db. The msgstore.db contains details on any chat conversations … Continued
APPLICATION NAME: Whisper CATEGORY: Social Networking RELATED ARTIFACTS: Whisper Posts, Whisper Messages OPERATING SYSTEMS: iOS, Android SOURCE LOCATION: Android – %root%\data\APPsh.whisper\databases\w.db Android – %root%\data\APPsh.whisper\databases\c.db iOS – %root%\var\mobile\Applications\%GUID%\Documents\Messaging.sqlite iOS – %root%\var\mobile\Applications\%GUID%\Documents\Whisper.sqlite Importance to Investigators Whisper is a popular social networking app that allows users to post messages anonymously and send messages to other users. It is available on both iOS and Android devices. Whisper allows … Continued
APPLICATION NAME: Yik Yak CATEGORY: Chat RELATED ARTIFACTS: Yik Yak Notifications, Yik Yak Yaks OPERATING SYSTEMS: iOS SOURCE LOCATION: iOS – %root%\Library\Caches\engineering.locus.chatter\Cache.db iOS – %root%\Library\Caches\engineering.locus.chatter\fsCachedData\%GUID% Importance to Investigators Yik Yak is a popular social media application most commonly used by young adults. The app, available on iOS and Android smartphones, allows users to post anonymous messages to … Continued
Hosted by Magnet Forensics and Griffeye When it comes to investigating child exploitation, timing is critical. How can you get to key evidence, like pictures and videos, quickly to start building your case? In this recorded webinar, Magnet Forensics and Griffeye joined forces to demonstrate which tools and techniques can be used in your investigation to find, uncover, … Continued
Smartphone apps that allow users to express themselves by messaging, posting, tweeting, liking, commenting, and sharing images and videos, have radically altered communication patterns. This new world of hyper-connected mobile chat and social apps is evolving at warp speed, and it seems like a new app explodes in popularity every month, with others constantly changing … Continued
We just released our July Artifact Update to Magnet IEF customers, which includes a number of new artifacts and improvements for previously supported apps. As part of this release, we wanted to improve support for Windows OS artifacts and integrate some popular customer requests. As a result, this update includes artifact support for the Recycle … Continued
From Jad Saliba, Founder & CTO of Magnet Forensics Today I’m excited to announce the beta availability of a new software product called Magnet ACQUIRE™. Magnet ACQUIRE is a smartphone acquisition tool that will allow you to quickly and easily acquire an image of any iOS or Android smartphone or tablet. We’re looking for forensic professionals to … Continued
Every forensic examiner is familiar with hex and text viewers; they are the cornerstone of the most basic forensic examination. If all your tools and scripts fail or don’t support a given artifact, you can always fall back to a hex viewer to dig into an artifact to uncover any evidence within. New with IEF … Continued
As we continue to add analysis features to Magnet IEF, one of the most common pieces of feedback we receive is that we needed a simplified report viewer for sharing IEF results with non-technical stakeholders. These stakeholders may include other investigators, lawyers, analysts, managers, HR, or anyone else who may be involved with an investigation, … Continued
