From the Windows Search database you can get:
- Full or partial PDF text content
- File name + full path
- Timestamps
- Sometimes even keywords inside the document (
Search_AutoSummary)
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Windows.edb
Tools
SIDR: Search Index Database Reporter
.\sidr.exe -f csv -o C:\Users\PC\Desktop\Artifacts\SearchDB C:\Users\PC\Downloads\hunter\Hunter_Acquisition\Acquisition\2023-06-22T092426_Acquisition\C\ProgramData\Microsoft\search\data\applications\windows\