Application Forensic Artifacts

Forensic artifacts left by installed applications can be an excellent source of data when performing analysis. For example, MRU (most recently used) lists that applications maintain in the Registry can help demonstrate not only that the suspect knew the files were on the system, but that they viewed them. I've spoken with LEOs who've used this technique successfully.
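As an added illustration (not code from the original post), the Python sketch below reconstructs the viewing order from an exported MRU key. It assumes the application stores lettered values ordered by an `MRUList` string, which is only one of several layouts applications use; the key name `ExampleViewer`, the file paths and the function `parse_mru` are all constructed for the example.

```python
import re

# Constructed sample: .reg export text of a hypothetical application's MRU key.
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\ExampleViewer\Recent Files]
"MRUList"="cadb"
"a"="C:\\Users\\test\\Pictures\\one.jpg"
"b"="C:\\Users\\test\\Pictures\\two.jpg"
"c"="E:\\DCIM\\three.jpg"
"e"="C:\\Users\\test\\Desktop\\orphan.jpg"
'''

# A string value line in a .reg export: "name"="data", with \\ and \" escaped.
_VALUE = re.compile(r'^"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"$')


def _unescape(s):
    """Undo .reg escaping (\\\\ -> \\ and \\" -> ")."""
    return re.sub(r'\\(.)', r'\1', s)


def parse_mru(reg_text):
    """Return MRU entries most-recent-first, plus inconsistencies.

    ordered  : (value name, path) pairs in the order given by MRUList
    dangling : names listed in MRUList that have no value in the key
    orphaned : values present in the key but absent from MRUList
    """
    values = {}
    for line in reg_text.splitlines():
        m = _VALUE.match(line.strip())
        if m:
            values[_unescape(m.group(1))] = _unescape(m.group(2))
    order = values.pop("MRUList", "")
    ordered = [(n, values[n]) for n in order if n in values]
    dangling = [n for n in order if n not in values]
    orphaned = sorted(set(values) - set(order))
    return {"ordered": ordered, "dangling": dangling, "orphaned": orphaned}


if __name__ == "__main__":
    result = parse_mru(SAMPLE_REG)
    for rank, (name, path) in enumerate(result["ordered"], 1):
        print(f"{rank}. [{name}] {path}")
    print("dangling:", result["dangling"], "orphaned:", result["orphaned"])
```

Dangling or orphaned entries mean the list and its values disagree, which is worth noting in the analysis because it can indicate that entries were removed or edited after the fact.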

Here's an excellent post regarding what has been found with respect to Corel Photoshop.

AV application log files can provide a great deal of insight into activity that occurred on the system, such as updates, when scans were run and the results, etc.