Network connectivity: Interface type and ID, network profile ID, start connection time, and length of connection time.

SRUM data is stored in the registry, with historic information contained in a database. SRUM monitors desktop applications, services, Windows apps, and network connections. Cellebrite Inspector displays BAM and DAM entries in the Actionable Intel tab.

Each entry provides insights into the applications run by the user identified in the SID column. The information is stored in the registry.
A folder for each user (named by SID) provides the following information:

BAM and DAM entries are both located in the registry.
So, while you will find BAM entries on all Windows devices, DAM will only contain data on tablets and mobile devices. DAM, which moderates desktop processes, was created to ensure consistent, long battery life for devices that support “Connected Standby” (when the screen is off, but the device is still on). Windows artifacts related to Program Execution parsed by Cellebrite Inspector are all listed under “Program Execution.”

All of the artifacts displayed in Actionable Intel from previous versions of Cellebrite Inspector (2019 R2 and earlier) are available, as well as the newly-parsed items.

Background Activity Moderator (BAM) and Desktop Activity Moderator (DAM)

BAM controls the activity of background applications. The “Actionable Intel” tab has been redesigned to provide easier access to all of the artifacts parsed. Let’s walk through some of the features this solution offers. The 2020 Digital Intelligence Benchmark Report shows that while smartphones appear as evidence sources in 97% of investigations, computers are the second most important evidence source, appearing in more than half of all investigations.

Accessing information on Macs or Windows-based computers to identify when certain programs or applications were executed, how often they were used, and who accessed them, is information every investigator needs when building timelines to move cases forward.

Cellebrite now offers a complete solution for accessing and analyzing the most computer data with Cellebrite Inspector (for Windows-based machines) and Cellebrite Digital Collector for use on Macs.

Cellebrite Inspector processes Windows artifacts in Actionable Intel.