Quick Assist
Overview
Section titled “Overview”Evidence: Quick Assist
Description: Collect Quick Assist History
Category: System
Platform: windows
Short Name: qas
Is Parsed: Yes
Sent to Investigation Hub: Yes
Collect File(s): No
Background
Section titled “Background”Quick Assist stores browser-based history in an embedded WebView database. This data is essential for understanding remote assistance usage and potential unauthorized remote access.
Data Collected
Section titled “Data Collected”This collector gathers structured data about quick assist.
Collection Method
Section titled “Collection Method”This collector locates history SQLite files under user temp RemoteHelp paths, copies them, and queries visit URL, title, and visit time.
Forensic Value
Section titled “Forensic Value”This evidence is crucial for forensic investigations as it indicates when and which remote sessions or pages were accessed via Quick Assist.