Search History

Overview

Evidence: Search History Description: Collect Windows Start Menu Search History Category: Applications Platform: windows Short Name: srch Is Parsed: No Sent to Investigation Hub: No Collect File(s): Yes

Background

Windows Start Menu and search bar maintain history of user searches, including files searched for, applications launched, and web queries. This data is stored in the ConnectedSearch directory.

Data Collected

This collector gathers structured data about search history.

Collection Method

This collector gathers files from the Windows ConnectedSearch History directory containing search queries and interaction history.

Forensic Value

Search history reveals user intent, files accessed, applications used, and information sought. This can identify attempts to find specific files, delete evidence, or search for security tools and anti-forensics software.