Recent Posts
Artifacts
What is a Windows OpenSave MRU Artifact?
What Is a Windows OpenSave MRU Artifact? The Windows OpenSaveMRU...
Artifacts
What is a Microsoft Office Most Recently Used Artifact “MRU”
What is an Office MRU artifact? This artifact stores references...
Popular categories
Videos
Artifacts
What is a “Most Recently Used” Artifact Video
Welcome to the first installment of the Cyber Triage Artifact Speedrun series! Today, we're discussing the office MRU Artifact and how it can be useful in your DFIR investigation.The office MRU Artifact keeps track of Windows Office files accessed by a user. It exists because Windows Office applications like Word, Excel or otherwise use this to keep a list of the most recent documents opened and display it to the user.How does it work? Entries are created when a document, such as my document dot Docx, is opened each time it's opened. The last open timestamp within the MRU artifact is updated. Therefore, the most recent files opened by a Microsoft Office application can be found in the office MRU Artifact.We hope you found this quick overview informative and helpful in your DFIR investigation. Stay tuned for more Artifact Speedruns!
New Features
Cyber Triage 3.3.0 Release Updates Video
New Release notes 3.3.0 is out and it's better than ever! With New “Data Accessed” data type, Importing Logical files, and PDF / Microsoft Office Document malware scanning.
New Features
Cyber Triage 3.2.0 New Release Video
Cyber Triage version 3.2.0 brings requested customer features, Ingest Batching, Streaming over the Network, and KAPE Import.