Awesome

winsearchdbanalyzer

http://moaistory.blogspot.com/2018/10/winsearchdbanalyzer.html

This tool can parse normal records and recover deleted records in Windows.edb. Windows.edb is used in Windows Search.

WinSearchDBAnalyzer Advantages :

• WinSearchDBAnalyzer can recovery deleted records.
• WinSearchDBAnalyzer works well on Windows 10.
• WinSearchDBAnalyzer can extract and analyze Windows.edb from live system.
• Regardless of status of the file, WinSearchDBAnalyzer can parse any file. (Dirty status is OK)
• WinSearchDBAnalyzer shows more information than the other tools . (File categorization by extension, File hierarchy, File Contents)
• WinSearchDBAnalyzer can apply to UTC time.

What data exists in Windows.edb? :

• Outlook Mail Data (Time ,Contents)
• OneNote Title
• Internet History (URLs, Last visit time)
• Lnk list
• Network Drive (When adding offline)
• Favorites
• File, Folder Information (Time, Contents(2KB), Path,...)
• Activity History (Recently used programs, Windows 10 Timeline)

Tips :

• If you want to see URLs that users visited, Search for: "http://" or "https://"
• If you want to see internet queries, Search for: "q=" or "query="
• If you want to see the record for a certain time, Search for: "2018-11-"
• If you want to see all the records, just select "ALL"
• When recovering deleted records, be sure to check "Unknown"