Microsoft's Your Phone environment from a digital forensic perspective

Domingues, Patrício; Andrade, Luís; Frade, Miguel

doi:10.1016/j.fsidi.2021.301177

Cited by 4 publications

(2 citation statements)

References 14 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…A much-trimmed example is given in Listing 2. It is a message from Microsoft's Your Phone application [2]. The given example has an explicitly named payload of 2886 bytes.…”

Section: Windows Log Eventsmentioning

confidence: 99%

“…Specifically, the left badge signals that Microsoft Teams has one new event to report (e.g., a newly received message), while the center badge reports on a new message by the Facebook Messenger client. Finally, the right-most badge alerts that there are six events to process from Windows Your Phone, which can correspond to newly received SMS (Short Text Messages) or notifications from the coupled Android smartphone [2]. Tiles first appeared with Windows 8, when Microsoft decided to overhaul the interface of the OS, namely the start menu, introducing the Metro interface, along with a new type of applications called Metro Apps, guiding Windows 8 for touch interfaces [3].…”

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

A Digital Forensic View of Windows 10 Notifications

2022

Self Cite

View full text Add to dashboard Cite

Windows Push Notifications (WPN) is a relevant part of Windows 10 interaction with the user. It is comprised of badges, tiles and toasts. Important and meaningful data can be conveyed by notifications, namely by so-called toasts that can popup with information regarding a new incoming email or a recent message from a social network. In this paper, we analyze the Windows 10 Notification systems from a digital forensic perspective, focusing on the main forensic artifacts conveyed by WPN. We also briefly analyze Windows 11 first release’s WPN system, observing that internal data structures are practically identical to Windows 10. We provide an open source Python 3 command line application to parse and extract data from the Windows Push Notification SQLite3 database, and a Jython module that allows the well-known Autopsy digital forensic software to interact with the application and thus to also parse and process Windows Push Notifications forensic artifacts. From our study, we observe that forensic data provided by WPN are scarce, although they still need to be considered, namely if traditional Windows forensic artifacts are not available. Furthermore, toasts are clearly WPN’s most relevant source of forensic data.

show abstract

“…A much-trimmed example is given in Listing 2. It is a message from Microsoft's Your Phone application [2]. The given example has an explicitly named payload of 2886 bytes.…”

Section: Windows Log Eventsmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%