Skip to content

cainesmr/WinSearchDBAnalyzer

 
 

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

5 Commits
 
 
 
 
 
 

Repository files navigation

winsearchdbanalyzer

http://moaistory.blogspot.com/2018/10/winsearchdbanalyzer.html

This tool can parse normal records and recover deleted records in Windows.edb. Windows.edb is used in Windows Search.

WinSearchDBAnalyzer Advantages :

  • WinSearchDBAnalyzer can recovery deleted records.
  • WinSearchDBAnalyzer works well on Windows 10.
  • WinSearchDBAnalyzer can extract and analyze Windows.edb from live system.
  • Regardless of status of the file, WinSearchDBAnalyzer can parse any file. (Dirty status is OK)
  • WinSearchDBAnalyzer shows more information than the other tools . (File categorization by extension, File hierarchy, File Contents)
  • WinSearchDBAnalyzer can apply to UTC time.

What data exists in Windows.edb? :

  • Outlook Mail Data (Time ,Contents)
  • OneNote Title
  • Internet History (URLs, Last visit time)
  • Lnk list
  • Network Drive (When adding offline)
  • Favorites
  • File, Folder Information (Time, Contents(2KB), Path,...)
  • Activity History (Recently used programs, Windows 10 Timeline)

Tips :

  • If you want to see URLs that users visited, Search for: "http://" or "https://"
  • If you want to see internet queries, Search for: "q=" or "query="
  • If you want to see the record for a certain time, Search for: "2018-11-"
  • If you want to see all the records, just select "ALL"
  • When recovering deleted records, be sure to check "Unknown"