Touch Screen Lexicon Forensics

Touch screen input was carried out in a rapidly growing number of Windows devices, in Barnaby Skeggs’s article the author tells in detail about his research in the forensic examination of the artifact ‘Waitlist.dat’, which, in his opinion, is linked c touch / stylus handwriting into computer software.

‘WaitList.dat’ is a data file that contains the e-mail messages, contacts and document files. Population data on the waiting list associated with the process of “Microsoft Windows Search Indexer”, which locks the file on the waiting list in a living system. waiting list is the next Windows directory systems 8,1 and 10 can be in other OS versions: C:\Users\%User%\AppData\Local\Microsoft\InputPersonalization\TextHarvester\WaitList.dat

WLrip.py (WLrip) is a Python program that he had written to parse the contents of WaitList.dat. WLrip will extract the metadata and the main text of each entry into a new text file and report on metadata in a .csv format. Running WLrip with the ‘-x’ option will produce a .xlsx report with hyperlinks to each .txt file created. This is the recommended method to run WLrip, however it requires the Python ‘XLSXWriter’ module‘.
WaitList is an additional source of information and evidence documents to add to the arsenal of forensic – medical examination and electronic detection tools.
This study, you can explore in detail here, and if you have questions or comments leave a comment.