Sitemap

A list of all the posts and pages found on the site. For you robots out there, an XML version is available for digesting as well.

Pages

Posts

publications

Microsoft Office Telemetry Log (TBL) Format

Published in GitHub, 2018

The Microsoft Office telemetry agent collects data from various Microsoft Office applications, including user name, computer name, filename, document title and author, and last loaded date. This information is valuable for forensic examiners.

Download here

talks

Microsoft Office Telemetry: Tracking Your Every Move

Published:

Starting with Office 2013, Microsoft has released a “compatibility monitoring framework” to help enterprise IT staff manage deployments. In doing so, they created a gold mine of data for forensic examiners. Office Telemetry logging includes handy tidbits of data such as: date and time a document was opened and closed, and by which user; metadata about the document that was opened (size, title, author, Office version, etc.); whether the document has specific metadata such as VBA macros or external data connections; and more. To support forensic examiners, a Python utility and Autopsy module have been developed that will parse the telemetry logs and output a detailed spreadsheet, or add blackboard artifacts and a report in Autopsy. Office Telemetry data has been found to provide immense value in creating timelines, as it substantially enriches file system metadata. To date, this valuable source of forensic information is not being parsed by existing forensic tools.