New Cortana Findings in Windows 10 RS4 (1803)

The Windows 10 “Spring Creators Update” (RS4/1803) has brought a lot of changes from functionality and forensic artifact perspectives. I’ve been digging into them, starting with Cortana. A lot of existing Cortana knowledge in the forensic community no longer applies with RS4.

I’m going to use this post to continually update my findings.

Nirsoft’s ESE Database Viewer is still the best program to use for viewing the EDB format files found within Cortana’s folders.