List of Windows 10 Timeline analysis articles
- Windows 10 Timeline Forensic Artefacts — CCL Group
https://cclgroupltd.com/2018/05/03/windows-10-timeline-forensic-artefacts/
Analysis Article
- WindowsTimeline | SQLite query & Powershell scripts to parse the Windows 10 (v1803+) ActivitiesCache.db
https://kacos2000.github.io/WindowsTimeline/ - Windows 10 ActivitiesCache.db examination
https://kacos2000.github.io/WindowsTimeline/WindowsTimeline.pdf - Windows 10 Timeline
https://www.group-ib.com/blog/windows10_timeline_for_forensics
Effect of activity deletion on ActivitiesCache.db
- Win 10 1803 とActivitiesCache.db — @port139 Blog
http://port139.hatenablog.com/entry/2018/05/19/070956
(in Japanese) - ActivitiesCache.dbとアクティビティ削除 — @port139 Blog
http://port139.hatenablog.com/entry/2018/05/26/072239
(in Japanese) - ActivitiesCache.dbとアクティビティ削除(2) — @port139 Blog
http://port139.hatenablog.com/entry/2018/06/02/090220
(in Japanese) - ActivitiesCache.dbとアクティビティ削除(3) — @port139 Blog
http://port139.hatenablog.com/entry/2018/06/10/103330
(in Japanese)
Tools
- Introducing WxTCmd! | binary foray
https://binaryforay.blogspot.com/2018/05/introducing-wxtcmd.html - Timeline ActivitiesCache Parser
https://tzworks.net/prototype_page.php?proto_id=41 - ActivitiesCache Autopsy Plugin — markmckinnon — Medium
https://medium.com/@markmckinnon_80619/activitiescache-autopsy-plugin-d9a478e956b
Update History
- 2019/10/05 New.
- 2020/03/03 Revised.
