EventTranscript.db

EventTranscript.db Deep Dive - New Windows Forensic Artifact!

Artifacts

Operating System
Windows
Path
C:\ProgramData\Microsoft\Diagnosis\EventTranscript\EventTranscript.db

Based on Kroll’s ongoing examination, EventTranscript.db appears to serve as the local storage for the Windows Diagnostics and Telemetry subsystem whose contents can be displayed with the Diagnostic Data Viewer application within Windows 10. - Kroll https://web.archive.org/web/20211227201637/https://www.kroll.com/en/insights/publications/cyber/forensically-unpacking-eventtranscript/diving-deeper-into-eventtranscript

References

Forensically Unpacking EventTranscript.db: An Investigative Series - Kroll

EventTranscript.db Research - Andrew Rathbun

 

 

User comments

There are no user comments for this listing.