![]() Let’s walk through some of these features this solution offers. The “Actionable Intel” tab has been redesigned to provide easier access to all of the artifacts parsed. Windows artifacts related to Program Execution parsed by Cellebrite Inspector are all listed under “Program Execution.”Īll of the artifacts displayed in Actionable Intel from previous versions of Cellebrite Inspector (2019 R2 and earlier) are available, as well as the newly-parsed items.īackground Activity Moderator (BAM) and Desktop Activity Moderator (DAM)īAM controls the activity of background applications. ![]() DAM, which moderates desktop processes, was created to ensure consistent, long battery life for devices that support “Connected Standby” (when the screen is off, but the device is still on). So, while you will find BAM entries on all Windows devices, DAM will only contain data on tablets and mobile devices. The information is stored in the registry.Ī folder for each user (named by SID) provides the following information: BAM and DAM entries are both located in the registry. Cellebrite Inspector displays BAM and DAM entries in the Actionable Intel tab.Įach entry provides insights into the applications run by the user identified in the SID column. SRUM monitors desktop applications, services, window apps, and network connections. ![]() Network connectivity: Interface type and ID, network profile ID, start connection time, and length of connection time.SRUM data is stored in the registry, with historic information contained in a database. ![]()
0 Comments
Leave a Reply. |