ForensicArtifacts / artifacts

Digital Forensics artifact repository
Apache License 2.0

WindowsBITSQueueManagerDatabases: collect recent database too #433

Closed ant1 closed 3 years ago

ant1 commented 3 years ago

On new versions of Windows, qmgr*.dat no longer exists.

Here is what I have on my computer running Windows 10 21H1:

C:\ProgramData\Microsoft\Network\Downloader>dir /B
edb.chk
edb.log
edb00007.log
edbres00001.jrs
edbres00002.jrs
edbtmp.log
qmgr.db
qmgr.jfm

codecov[bot] commented 3 years ago

Codecov Report

Merging #433 (a6808a3) into main (2723924) will not change coverage. The diff coverage is n/a.

:exclamation: Current head a6808a3 differs from pull request most recent head dd4721f. Consider uploading reports for the commit dd4721f to get more accurate results.

@@           Coverage Diff           @@
##             main     #433   +/-   ##
=======================================
  Coverage   91.92%   91.92%           
=======================================
  Files           7        7           
  Lines         446      446           
=======================================
  Hits          410      410           
  Misses         36       36           


joachimmetz commented 3 years ago

I suspect qmgr.db to be the database; the other files are likely to be transaction logs and other auxiliary files.
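As an added example (not part of the thread and not the project's code): a triage helper that sorts the directory listing above into roles and checks a file header for the ESE database signature. It assumes the directory follows the standard ESE (Extensible Storage Engine) naming conventions; the role labels, function names and the sample header are constructed for illustration.

```python
import fnmatch
import struct

# Assumed ESE naming conventions; patterns are checked in order.
ESE_ROLES = [
    ("qmgr*.dat", "legacy queue file"),
    ("*.db", "database"),
    ("*.jfm", "flush map"),
    ("*.chk", "checkpoint"),
    ("edbres*.jrs", "reserved transaction log"),
    ("edbtmp.log", "temporary transaction log"),
    ("edb*.log", "transaction log"),
]
ESE_SIGNATURE = b"\xef\xcd\xab\x89"  # bytes 4..7 of an ESE file header

def classify(name):
    """Return the role of a file name (case-insensitive match)."""
    lowered = name.lower()
    for pattern, role in ESE_ROLES:
        if fnmatch.fnmatchcase(lowered, pattern):
            return role
    return "unknown"

def is_ese_database(header):
    """True when the header has the ESE signature and file type 0 (database)."""
    if len(header) < 16 or header[4:8] != ESE_SIGNATURE:
        return False
    (file_type,) = struct.unpack_from("<I", header, 12)
    return file_type == 0

def collection_plan(names):
    """Group names by role so the database and its logs are collected together."""
    plan = {}
    for name in names:
        plan.setdefault(classify(name), []).append(name)
    return plan

# Listing from the pull request description.
LISTING = ["edb.chk", "edb.log", "edb00007.log", "edbres00001.jrs",
           "edbres00002.jrs", "edbtmp.log", "qmgr.db", "qmgr.jfm"]
# Constructed header: checksum, signature, format version, file type.
SAMPLE_HEADER = struct.pack("<I4sII", 0, ESE_SIGNATURE, 0x620, 0)

if __name__ == "__main__":
    for role, files in collection_plan(LISTING).items():
        print(f"{role}: {', '.join(files)}")
    print("sample header is ESE database:", is_ese_database(SAMPLE_HEADER))
```

Collecting the transaction logs and checkpoint alongside the database matters because an ESE database that was not shut down cleanly needs them to be brought to a consistent state before parsing.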