Blog >> Windows 10 Maps

Investigating Windows 10 Maps

29/11/2021 Monday

Windows 10 Maps is an online mapping client software, where the process is served using geographic information systems on the Internet. Windows 10 Maps was developed by Microsoft Corporation, and it is available for Windows 8/10, Xbox One system software, and Xbox Series X/S.

Digital Forensics Value of Windows 10 Maps Artifacts

Windows 10 Maps contain a valuable amount of information about a user’s activities since it stores the location and its related navigation history data for a user such as addresses, latitude longitude points, timestamps, searches and so much more that could be critical to digital forensics investigations.

Location of Windows 10 Maps Artifacts

Windows 10 Maps artifacts are stored in the following locations:

Structure of Windows 10 Maps Artifacts

This artifact consists of a database and a settings file, called Settings.dat. In the .dat file, some useful information about the user could be obtained such as the first name, last name, and username. For the database file, called Collections.db, it has four different tables DBCollection, DBItem, DirtyBit, and Etag. Most of the important data is obtained from DBCollection and DBItem tables.

Analyzing Windows 10 Maps Artifacts with ArtiFast Windows

This section discusses how to use ArtiFast Windows to analyze Windows 10 Maps artifacts from Windows machines and what kind of digital forensics insight we can gain from the artifacts.

After you have created your case and added evidence for the investigation, at the Artifacts Selection phase, you can select Windows 10 Maps artifacts:

Once ArtiFast parser plugins complete processing artifacts for analysis, it can be reviewed via “Artifact View” or “Timeline View”, with indexing, filtering, and searching capabilities. Below is a detailed description of Windows 10 Maps artifacts in ArtiFast Windows.

Windows 10 Maps Items Artifact

Windows 10 Maps Collections Artifact

Windows 10 Maps User Information Artifact

For more information or suggestions please contact: