Back to binalyze.com

Windows Collections

AIR supports the following Windows Evidences

Windows Evidence List

#

Evidence (click for details)

Category

Parsed

Sent to the Investigation Hub

Raw Files Collected

1

$Boot

DiskFilesystem

No

Yes

Yes

2

$Log File

DiskFilesystem

No

Yes

Yes

3

$Secure:$SDS

DiskFilesystem

No

Yes

Yes

4

$TxfLog $Tops:$T

DiskFilesystem

No

Yes

Yes

5

ARP Table

Network

Yes

Yes

No

6

AVG Logs

Applications

No

No

Yes

7

Action1 RMM Logs

Applications

No

No

Yes

8

Active Directory Logs

Applications

No

No

Yes

9

AmCache

System

Yes

Yes

Yes

10

AmmyAdmin Logs

Applications

No

No

Yes

11

Antivirus Information

System

Yes

Yes

No

12

AnyDesk Logs

Applications

No

No

Yes

13

Apache Logs

Applications

No

No

Yes

14

AppCompactCache

System

Yes

Yes

No

15

AppPaths

System

Yes

Yes

No

16

Avast Logs

Applications

No

No

Yes

17

Avira Logs

Applications

No

No

Yes

18

Bitdefender Logs

Applications

No

No

Yes

19

Brave Bookmarks

Applications

Yes

Yes

No

20

Brave Browsing History

Applications

Yes

Yes

No

21

Brave Cookies

Applications

Yes

Yes

No

22

Brave Downloads

Applications

Yes

Yes

No

23

Brave Extensions

Applications

Yes

Yes

No

24

Brave Favicons

Applications

Yes

Yes

No

25

Brave Form History

Applications

Yes

Yes

No

26

Brave Local Storage

Applications

Yes

Yes

No

27

Brave Login Data

Applications

Yes

Yes

No

28

Brave Sessions

Applications

Yes

Yes

No

29

Brave Thumbnails

Applications

Yes

Yes

No

30

Brave User Profiles

Applications

Yes

Yes

No

31

Brave Web Storage

Applications

Yes

Yes

No

32

CIDSizeMRU

System

Yes

Yes

No

33

CLR

System

No

Yes

Yes

34

Carbon Black Logs

Applications

No

No

Yes

35

Chrome Bookmarks

Applications

Yes

Yes

No

36

Chrome Browsing History

Applications

Yes

Yes

No

37

Chrome Cookies

Applications

Yes

Yes

No

38

Chrome Downloads

Applications

Yes

Yes

No

39

Chrome Extensions

Applications

Yes

Yes

No

40

Chrome Favicons

Applications

Yes

Yes

No

41

Chrome Form History

Applications

Yes

Yes

No

42

Chrome Local Storage

Applications

Yes

Yes

No

43

Chrome Login Data

Applications

Yes

Yes

No

44

Chrome Sessions

Applications

Yes

Yes

No

45

Chrome Thumbnails

Applications

Yes

Yes

No

46

Chrome User Profiles

Applications

Yes

Yes

No

47

Chrome Web Storage

Applications

Yes

Yes

No

48

Cisco AMP Logs

Applications

No

No

Yes

49

Collect LNK Files

System

Yes

Yes

Yes

50

Collect SRUM Database Files

System

No

No

Yes

51

ComboFix

Applications

No

No

Yes

52

Cortana History

Applications

No

No

Yes

53

Crash Dump Information

System

Yes

Yes

No

54

Cybereason Logs

Applications

No

No

Yes

55

Cylance Logs

Applications

No

No

Yes

56

DHCP Server Logs

Applications

No

No

Yes

57

DNS Cache

Network

Yes

Yes

No

58

DNS Server Logs

Applications

No

No

Yes

59

DNS Servers

Network

Yes

Yes

No

60

Deep Instinct Logs

Applications

No

No

Yes

61

Default Browser

Applications

Yes

Yes

No

62

Discord Desktop Cache

Applications

No

No

Yes

63

Docker Changes

Applications

Yes

Yes

No

64

Docker Container Logs

Applications

Yes

Yes

No

65

Docker Containers

Applications

Yes

Yes

No

66

Docker Image History

Applications

Yes

Yes

No

67

Docker Images

Applications

Yes

Yes

No

68

Docker Info

Applications

Yes

Yes

No

69

Docker Networks

Applications

Yes

Yes

No

70

Docker Processes

Applications

Yes

Yes

No

71

Docker Volumes

Applications

Yes

Yes

No

72

Downloaded Files Information

System

Yes

Yes

No

73

Driver Objects

System

Yes

Yes

No

74

Drivers List

System

Yes

Yes

No

75

Dropbox Cache

Applications

No

No

Yes

76

Dropbox Databases

Applications

No

No

Yes

77

Dropbox Logs

Applications

No

No

Yes

78

Dump Brave Indexed DB

Applications

Yes

Yes

No

79

Dump Chrome Indexed DB

Applications

Yes

Yes

No

80

Dump Edge Indexed DB

Applications

Yes

Yes

No

81

Dump Opera Indexed DB

Applications

Yes

Yes

No

82

Dump QQ Indexed DB

Applications

Yes

Yes

No

83

Dump Vivaldi Indexed DB

Applications

Yes

Yes

No

84

ETL

System

No

Yes

Yes

85

Edge Bookmarks

Applications

Yes

Yes

No

86

Edge Cookies

Applications

Yes

Yes

No

87

Edge Downloads

Applications

Yes

Yes

No

88

Edge Extensions

Applications

Yes

Yes

No

89

Edge Favicons

Applications

Yes

Yes

No

90

Edge Form History

Applications

Yes

Yes

No

91

Edge Local Storage

Applications

Yes

Yes

No

92

Edge Login Data

Applications

Yes

Yes

No

93

Edge Sessions

Applications

Yes

Yes

No

94

Edge Thumbnails

Applications

Yes

Yes

No

95

Edge User Profiles

Applications

Yes

Yes

No

96

Edge Web Storage

Applications

Yes

Yes

No

97

Elastic Logs

Applications

No

No

Yes

98

Environment Variables

System

Yes

Yes

No

99

Eset Logs

Applications

No

No

Yes

100

Event Log EVT Files

EventLogs

Yes

Yes

No

101

Event Log EVT Records

EventLogs

Yes

Yes

Yes

102

Event Log EVTX Files

EventLogs

Yes

Yes

No

103

EventTranscript DB

System

Yes

Yes

Yes

104

Evernote Databases

Applications

No

No

Yes

105

Evernote Drag and Drop Files

Applications

No

No

Yes

106

Evernote Logs

Applications

No

No

Yes

107

Everything History

Applications

No

No

Yes

108

F-Secure Logs

Applications

No

No

Yes

109

Facebook Cache

Applications

No

No

Yes

110

Facebook Databases

Applications

No

No

Yes

111

FileExts

System

Yes

Yes

No

112

FileZilla Sessions

Applications

No

No

Yes

113

FireEye Logs

Applications

No

No

Yes

114

Firefox Browsing History

Applications

Yes

Yes

No

115

Firefox Cookies

Applications

Yes

Yes

No

116

Firefox Downloads

Applications

Yes

Yes

No

117

Firefox Extensions

Applications

Yes

Yes

No

118

Firewall Rules

Network

Yes

Yes

No

119

FirstFolder

System

Yes

Yes

No

120

Github Desktop Cache

Applications

No

No

Yes

121

Github Desktop Databases

Applications

No

No

Yes

122

Github Desktop Logs

Applications

No

No

Yes

123

GoTo Logs

Applications

No

No

Yes

124

Google Drive Databases

Applications

No

No

Yes

125

Hibernation File

Memory

No

Yes

Yes

126

HitmanPro Logs

Applications

No

No

Yes

127

Hosts

Network

Yes

Yes

Yes

128

IE 10,11,Edge Browsing History

Applications

Yes

Yes

Yes

129

IE 7,8,9 Browsing History

Applications

Yes

Yes

Yes

130

IIS Logs

Applications

No

No

Yes

131

INF Setup

System

No

Yes

Yes

132

IPv4 Routes

Network

Yes

Yes

No

133

Iconcache

System

No

Yes

Yes

134

Installed Applications

System

Yes

Yes

No

135

JumpList Automatic Entries

System

Yes

Yes

No

136

JumpList Automatic Files

System

Yes

Yes

Yes

137

JumpList Custom Entries

System

Yes

Yes

No

138

JumpList Custom Files

System

Yes

Yes

Yes

139

Kaseya Logs

Applications

No

No

Yes

140

LastVisitedPidlMRU

System

Yes

Yes

No

141

Level Logs

Applications

No

No

Yes

142

LinkedIn Cache

Applications

No

No

Yes

143

LogMeIn Logs

Applications

No

No

Yes

144

MBR

DiskFilesystem

No

Yes

Yes

145

MFT

DiskFilesystem

No

Yes

Yes

146

MFT Mirror

DiskFilesystem

No

Yes

Yes

147

MFT as CSV

DiskFilesystem

Yes

No

No

148

MSSQL Logs

Applications

No

No

Yes

149

MalwareBytes Logs

Applications

No

No

Yes

150

Map Network Drive MRU

System

Yes

Yes

No

151

McAfee Logs

Applications

No

No

Yes

152

Microsoft Calendar

Applications

No

No

Yes

153

Microsoft Exchange Logs

Applications

No

No

Yes

154

Microsoft Mail

Applications

No

No

Yes

155

Microsoft Maps

Applications

No

No

Yes

156

Microsoft Outlook

Applications

No

No

Yes

157

Microsoft People

Applications

No

No

Yes

158

Microsoft Photos

Applications

No

No

Yes

159

Microsoft Sticky Notes

Applications

No

No

Yes

160

Microsoft Store Applications List

Applications

No

No

Yes

161

Microsoft Voice Record History

Applications

No

No

Yes

162

MongoDB Logs

Applications

No

No

Yes

163

Mozilla Thunderbird

Applications

No

No

Yes

164

NTDS.dit

System

No

Yes

Yes

165

Network Adapters

Network

Yes

Yes

No

166

Network Shares

Network

Yes

Yes

No

167

Notepad++ Sessions

Applications

No

No

Yes

168

Object Directory

System

Yes

Yes

No

169

OfficeMRU

System

Yes

Yes

No

170

Old Registry Hives

System

No

Yes

Yes

171

OneDrive Logs

Applications

No

No

Yes

172

OpenSavePidlMRU

System

Yes

Yes

No

173

OpenVPN Config

Applications

No

No

Yes

174

Opera Bookmarks

Applications

Yes

Yes

No

175

Opera Browsing History

Applications

Yes

Yes

No

176

Opera Cookies

Applications

Yes

Yes

No

177

Opera Downloads

Applications

Yes

Yes

No

178

Opera Extensions

Applications

Yes

Yes

No

179

Opera Favicons

Applications

Yes

Yes

No

180

Opera Form History

Applications

Yes

Yes

No

181

Opera Local Storage

Applications

Yes

Yes

No

182

Opera Login Data

Applications

Yes

Yes

No

183

Opera Sessions

Applications

Yes

Yes

No

184

Opera Thumbnails

Applications

Yes

Yes

No

185

Opera User Profiles

Applications

Yes

Yes

No

186

Opera Web Storage

Applications

Yes

Yes

No

187

PDB Information

System

Yes

Yes

No

188

Page File

Memory

No

Yes

Yes

189

Palo Alto Logs

Applications

No

No

Yes

190

Parse LNK Files

System

Yes

Yes

No

191

Parse SRUM Application Timeline

System

No

Yes

No

192

Parse SRUM Application Usage

System

No

Yes

No

193

Parse SRUM Energy Usage

System

No

Yes

No

194

Parse SRUM Network Connectivity

System

No

Yes

No

195

Parse SRUM Network Usage

System

No

Yes

No

196

Powershell ConsoleHost History

System

Yes

Yes

No

197

Powershell Logs

System

No

Yes

Yes

198

Prefetch Files

System

Yes

Yes

Yes

199

Proxy List

Network

Yes

Yes

No

200

QQ Bookmarks

Applications

Yes

Yes

No

201

QQ Browsing History

Applications

Yes

Yes

No

202

QQ Cookies

Applications

Yes

Yes

No

203

QQ Downloads

Applications

Yes

Yes

No

204

QQ Extensions

Applications

Yes

Yes

No

205

QQ Favicons

Applications

Yes

Yes

No

206

QQ Form History

Applications

Yes

Yes

No

207

QQ Local Storage

Applications

Yes

Yes

No

208

QQ Login Data

Applications

Yes

Yes

No

209

QQ Sessions

Applications

Yes

Yes

No

210

QQ Thumbnails

Applications

Yes

Yes

No

211

QQ User Profiles

Applications

Yes

Yes

No

212

QQ Web Storage

Applications

Yes

Yes

No

213

Quick Assist

System

Yes

Yes

No

214

RAM Image

Memory

No

Yes

Yes

215

RDP Cache

System

No

Yes

Yes

216

RealVNC Logs

Applications

No

No

Yes

217

Recent File Cache

System

No

Yes

Yes

218

RecentDocs

System

Yes

Yes

No

219

Recycle Bin Information

System

Yes

Yes

No

220

Registry Hives

System

No

Yes

Yes

221

Registry Items

System

Yes

Yes

Yes

222

RemComSvc Logs

Applications

No

No

Yes

223

Remote Utilities Logs

Applications

No

No

Yes

224

RogueKiller Reports

Applications

No

No

Yes

225

RunMRU

System

Yes

Yes

No

226

Running Processes and Modules

System

Yes

Yes

No

227

SAM Users and Groups

System

Yes

Yes

No

228

SDB

System

No

Yes

Yes

229

SRUM

System

Yes

Yes

Yes

230

SUPERAntiSpyware Logs

Applications

No

No

Yes

231

Scheduled Tasks

System

Yes

Yes

Yes

232

ScreenConnect (ConnectWise Control) Application Data

Applications

No

No

Yes

233

Search History

Applications

No

No

Yes

234

SentinelOne Logs

Applications

No

No

Yes

235

Service List

System

Yes

Yes

Yes

236

Shadow Copy as CSV

DiskFilesystem

Yes

Yes

No

237

ShellBags

System

Yes

Yes

No

238

ShellFolders

System

Yes

Yes

No

239

Skype Databases

Applications

No

No

Yes

240

Skype Media

Applications

No

No

Yes

241

Sophos Logs

Applications

No

No

Yes

242

Sourcefire FireAMP Logs

Applications

No

No

Yes

243

Splashtop Logs

Applications

No

No

Yes

244

Spotify Cache

Applications

No

No

Yes

245

Spotify Recently Played List

Applications

No

No

Yes

246

Startup Items

System

Yes

Yes

Yes

247

Sublime Text Sessions

Applications

No

No

Yes

248

Superfetch

System

No

Yes

Yes

249

Supremo Remote Desktop Logs

Applications

No

No

Yes

250

Swap File

Memory

No

Yes

Yes

251

Symantec Logs

Applications

No

No

Yes

252

System Restore Points Information

System

Yes

Yes

No

253

TCP Table

Network

Yes

Yes

No

254

Tanium Logs

Applications

No

No

Yes

255

Teamviewer Logs

Applications

No

No

Yes

256

Telegram Desktop Data

Applications

No

No

Yes

257

Telegram Desktop Download

Applications

No

No

Yes

258

Thumbcache

System

No

Yes

Yes

259

TightVNC Logs

Applications

No

No

Yes

260

Tortoise Git Logs

Applications

No

No

Yes

261

TotalAv Logs

Applications

No

No

Yes

262

Trend Micro Logs

Applications

No

No

Yes

263

Twitter Cache

Applications

No

No

Yes

264

Twitter Databases

Applications

No

No

Yes

265

TypedPaths

System

Yes

Yes

No

266

TypedURLs

System

Yes

Yes

No

267

UDP Table

Network

Yes

Yes

No

268

USB Storage History

DiskFilesystem

Yes

Yes

No

269

USN Journal

DiskFilesystem

No

Yes

Yes

270

USN Journal $Max

DiskFilesystem

No

Yes

Yes

271

USN Journal as CSV

DiskFilesystem

Yes

Yes

No

272

UltraVNC Logs

Applications

No

No

Yes

273

Ultraviewer Logs

Applications

No

No

Yes

274

User Access Logs (UAL)

System

Yes

Yes

Yes

275

User Folders

System

Yes

Yes

No

276

UserAssist

System

Yes

Yes

No

277

Users

System

Yes

Yes

No

278

VIPRE Logs

Applications

No

No

Yes

279

VMware Config

Applications

No

No

Yes

280

VMware Drag and Drop Files

Applications

No

No

Yes

281

VMware Logs

Applications

No

No

Yes

282

Visual Studio Team Explorer Config

Applications

No

No

Yes

283

Vivaldi Bookmarks

Applications

Yes

Yes

No

284

Vivaldi Browsing History

Applications

Yes

Yes

No

285

Vivaldi Cookies

Applications

Yes

Yes

No

286

Vivaldi Downloads

Applications

Yes

Yes

No

287

Vivaldi Extensions

Applications

Yes

Yes

No

288

Vivaldi Favicons

Applications

Yes

Yes

No

289

Vivaldi Form History

Applications

Yes

Yes

No

290

Vivaldi Local Storage

Applications

Yes

Yes

No

291

Vivaldi Login Data

Applications

Yes

Yes

No

292

Vivaldi Sessions

Applications

Yes

Yes

No

293

Vivaldi Thumbnails

Applications

Yes

Yes

No

294

Vivaldi User Profiles

Applications

Yes

Yes

No

295

Vivaldi Web Storage

Applications

Yes

Yes

No

296

Volumes Information

DiskFilesystem

Yes

Yes

No

297

WBEM

System

No

Yes

Yes

298

WMI Active Script

System

Yes

Yes

No

299

WMI Command Line

System

Yes

Yes

No

300

WSL

Applications

No

No

Yes

301

Webroot Logs

Applications

No

No

Yes

302

WhatsApp Desktop Cache

Applications

No

No

Yes

303

WhatsApp Desktop Cookie

Applications

No

No

Yes

304

WinRAR History

Applications

Yes

Yes

No

305

Windows Defender Logs

Applications

No

No

Yes

306

Windows Error Reporting Files

System

No

No

Yes

307

Windows Index Search

System

No

Yes

Yes

308

Windows Live Mail User Settings

Applications

No

No

Yes

309

Windows Notification History

Applications

No

No

Yes

310

Windows Timeline

System

Yes

Yes

Yes

311

Wireless Connection History

Network

Yes

Yes

No

312

WordWheelQuery

System

Yes

Yes

No

313

Xeox Logs

Applications

No

No

Yes

314

ZohoAssist Logs

Applications

No

No

Yes

315

Zoom Databases

Applications

No

No

Yes

316

Zoom Media

Applications

No

No

Yes

317

iTunes Backups

Applications

No

No

Yes

PreviousSupported EvidenceNext$Boot

Last updated

Was this helpful?