Windows Collections
AIR supports the following Windows evidence and artifacts.
Windows Evidence List
| # | Category | Evidence | Parsed | Investigation Hub | Source Files Collected |
|---|----------|----------|--------|-------------------|------------------------|
| 174 | Process Execution | Parse LNK Files | awaits | awaits | awaits |
| 188 | Other Evidence | PowerShell ConsoleHost History | awaits | awaits | awaits |
Windows Artifact List:
| # | Category | Artifact | Parsed | Investigation Hub | Source Files Collected |
|---|----------|----------|--------|-------------------|------------------------|
| 1 | Server | Apache Logs | No | No | Yes |
| 2 | Server | MongoDB Logs | No | No | Yes |
| 3 | Server | IIS Logs | No | No | Yes |
| 4 | Server | MSSQL Logs | No | No | Yes |
| 5 | Server | Microsoft Exchange Logs | No | No | Yes |
| 6 | Server | DHCP Server Logs | No | No | Yes |
| 7 | Server | DNS Server Logs | No | No | Yes |
| 8 | Server | Active Directory Logs | No | No | Yes |
| 9 | Microsoft Applications | Microsoft Photos | No | No | Yes |
| 10 | Microsoft Applications | Cortana History | No | No | Yes |
| 11 | Microsoft Applications | Microsoft Store Applications List | No | No | Yes |
| 12 | Microsoft Applications | Microsoft Sticky Notes | No | No | Yes |
| 13 | Microsoft Applications | Microsoft Maps | No | No | Yes |
| 14 | Microsoft Applications | Microsoft Voice Record History | No | No | Yes |
| 15 | Microsoft Applications | Windows Notification History | No | No | Yes |
| 16 | Microsoft Applications | Search History | No | No | Yes |
| 17 | Microsoft Applications | Microsoft People | No | No | Yes |
| 18 | Microsoft Applications | Microsoft Calendar | No | No | Yes |
| 19 | Communication | Discord Desktop Cache | No | No | Yes |
| 20 | Communication | Microsoft Mail | No | No | Yes |
| 21 | Communication | Microsoft Outlook | No | No | Yes |
| 22 | Communication | Mozilla Thunderbird | No | No | Yes |
| 23 | Communication | Skype Databases | No | No | Yes |
| 24 | Communication | Skype Media | No | No | Yes |
| 25 | Communication | Telegram Desktop Data | No | No | Yes |
| 26 | Communication | Telegram Desktop Download | No | No | Yes |
| 27 | Communication | WhatsApp Desktop Cache | No | No | Yes |
| 28 | Communication | WhatsApp Desktop Cookie | No | No | Yes |
| 29 | Communication | Windows Live Mail User Settings | No | No | Yes |
| 30 | Communication | Zoom Databases | No | No | Yes |
| 31 | Communication | Zoom Media | No | No | Yes |
| 32 | Remote Desktop Management Tools | Action1 RMM Logs | No | No | Yes |
| 33 | Remote Desktop Management Tools | AmmyAdmin Logs | No | No | Yes |
| 34 | Remote Desktop Management Tools | AnyDesk Logs | No | No | Yes |
| 35 | Remote Desktop Management Tools | GoTo Logs | No | No | Yes |
| 36 | Remote Desktop Management Tools | Kaseya Logs | No | No | Yes |
| 37 | Remote Desktop Management Tools | Level Logs | No | No | Yes |
| 38 | Remote Desktop Management Tools | LogMeIn Logs | No | No | Yes |
| 39 | Remote Desktop Management Tools | RealVNC Logs | No | No | Yes |
| 40 | Remote Desktop Management Tools | RemComSvc Logs | No | No | Yes |
| 41 | Remote Desktop Management Tools | Remote Utilities Logs | No | No | Yes |
| 42 | Remote Desktop Management Tools | ScreenConnect (ConnectWise Control) Application Data | No | No | Yes |
| 43 | Remote Desktop Management Tools | Splashtop Logs | No | No | Yes |
| 44 | Remote Desktop Management Tools | Supremo Remote Desktop Logs | No | No | Yes |
| 45 | Remote Desktop Management Tools | Teamviewer Logs | No | No | Yes |
| 46 | Remote Desktop Management Tools | TightVNC Logs | No | No | Yes |
| 47 | Remote Desktop Management Tools | Ultraviewer Logs | No | No | Yes |
| 48 | Remote Desktop Management Tools | UltraVNC Logs | No | No | Yes |
| 49 | Remote Desktop Management Tools | Xeox Logs | No | No | Yes |
| 50 | Remote Desktop Management Tools | ZohoAssist Logs | No | No | Yes |
| 51 | Social Artifacts | Twitter Databases | No | No | Yes |
| 52 | Social Artifacts | Twitter Cache | No | No | Yes |
| 53 | Social Artifacts | Facebook Databases | No | No | Yes |
| 54 | Social Artifacts | Facebook Cache | No | No | Yes |
| 55 | Social Artifacts | LinkedIn Cache | No | No | Yes |
| 56 | Social Artifacts | Spotify Recently Played List | No | No | Yes |
| 57 | Social Artifacts | Spotify Cache | No | No | Yes |
| 58 | Productivity Artifacts | Sublime Text Sessions | No | No | Yes |
| 59 | Productivity Artifacts | Notepad++ Sessions | No | No | Yes |
| 60 | Productivity Artifacts | OpenVPN Config | No | No | Yes |
| 61 | Productivity Artifacts | Everything History | No | No | Yes |
| 62 | Productivity Artifacts | Evernote Databases | No | No | Yes |
| 63 | Productivity Artifacts | Evernote Drag and Drop Files | No | No | Yes |
| 64 | Productivity Artifacts | Evernote Logs | No | No | Yes |
| 65 | Utilities Artifacts | iTunes Backups | No | No | Yes |
| 66 | Utilities Artifacts | VMware Config | No | No | Yes |
| 67 | Utilities Artifacts | VMware Drag and Drop Files | No | No | Yes |
| 68 | Utilities Artifacts | VMware Logs | No | No | Yes |
| 69 | Developer Tools | FileZilla Sessions | No | No | Yes |
| 70 | Developer Tools | Visual Studio Team Explorer Config | No | No | Yes |
| 71 | Developer Tools | Github Desktop Databases | No | No | Yes |
| 72 | Developer Tools | Github Desktop Cache | No | No | Yes |
| 73 | Developer Tools | Github Desktop Logs | No | No | Yes |
| 74 | Developer Tools | WSL | No | No | Yes |
| 75 | Developer Tools | Tortoise Git Logs | No | No | Yes |
| 76 | Cloud Artifacts | Google Drive Databases | No | No | Yes |
| 77 | Cloud Artifacts | Dropbox Databases | No | No | Yes |
| 78 | Cloud Artifacts | Dropbox Logs | No | No | Yes |
| 79 | Cloud Artifacts | Dropbox Cache | No | No | Yes |
| 80 | Cloud Artifacts | OneDrive Logs | No | No | Yes |
| 90 | Antivirus Logs | Avast Logs | No | No | Yes |
| 91 | Antivirus Logs | AVG Logs | No | No | Yes |
| 92 | Antivirus Logs | Avira Logs | No | No | Yes |
| 93 | Antivirus Logs | Bitdefender Logs | No | No | Yes |
| 94 | Antivirus Logs | Carbon Black Logs | No | No | Yes |
| 95 | Antivirus Logs | Cisco AMP Logs | No | No | Yes |
| 96 | Antivirus Logs | ComboFix | No | No | Yes |
| 97 | Antivirus Logs | Cybereason Logs | No | No | Yes |
| 98 | Antivirus Logs | Cylance Logs | No | No | Yes |
| 99 | Antivirus Logs | Deep Instinct Logs | No | No | Yes |
| 100 | Antivirus Logs | Elastic Logs | No | No | Yes |
| 101 | Antivirus Logs | Eset Logs | No | No | Yes |
| 102 | Antivirus Logs | F-Secure Logs | No | No | Yes |
| 103 | Antivirus Logs | FireEye Logs | No | No | Yes |
| 104 | Antivirus Logs | HitmanPro Logs | No | No | Yes |
| 105 | Antivirus Logs | MalwareBytes Logs | No | No | Yes |
| 106 | Antivirus Logs | McAfee Logs | No | No | Yes |
| 107 | Antivirus Logs | Palo Alto Logs | No | No | Yes |
| 108 | Antivirus Logs | RogueKiller Reports | No | No | Yes |
| 109 | Antivirus Logs | SentinelOne Logs | No | No | Yes |
| 110 | Antivirus Logs | Sophos Logs | No | No | Yes |
| 111 | Antivirus Logs | Sourcefire FireAMP Logs | No | No | Yes |
| 112 | Antivirus Logs | SUPERAntiSpyware Logs | No | No | Yes |
| 113 | Antivirus Logs | Symantec Logs | No | No | Yes |
| 114 | Antivirus Logs | Tanium Logs | No | No | Yes |
| 115 | Antivirus Logs | TotalAv Logs | No | No | Yes |
| 116 | Antivirus Logs | Trend Micro Logs | No | No | Yes |
| 117 | Antivirus Logs | VIPRE Logs | No | No | Yes |
| 118 | Antivirus Logs | Webroot Logs | No | No | Yes |
| 119 | Antivirus Logs | Windows Defender Logs | No | No | Yes |

