Take a look at location:
On my workstation there is a folder at this location:
|Looking at the *.log file at this location|
Open the .log file in Notepad++ <download>
File--> Open--> Path to
Open the .log file
|Sample of the "000007.log" file in Notepad++|
In Notepad++, with the .log file open, press "Ctrl+F".
Searching for the value "renderContent" returned some messages logged from MS Teams.
|Select Find All in Current Document|
The find results show all lines containing the value "renderContent" followed by posted messages.
|Sample recovered MS Teams messages|
There are also other potential values of interest in this log including:
"RichText/Html" (provided further chat and web content)
Message time values: "composetime", "originalarrivaltime" and "clientArrivalTime"
This is a sample of artifacts left on the workstation when not logged into MS Teams that could be of potential value in an examination. I also recommend checking out an article written a few months back at cyberforensicator <link>.
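The same keyword search can be run outside Notepad++ so that every hit is recorded with its byte offset. The Python below is an added example, not part of the original post: the name `scan_log` and the sample bytes are constructed for illustration, and it assumes the message text is stored in the file as UTF-8 text between binary framing bytes.

```python
import re
import sys
from pathlib import Path

# Keywords named in the write-up above.
MARKERS = [b"renderContent", b"RichText/Html", b"composetime",
           b"originalarrivaltime", b"clientArrivalTime"]

def scan_log(data: bytes, markers=MARKERS, context=200):
    """Return (offset, marker, text) for every marker hit in data.

    text is what follows the marker, cut at the first control byte or
    after `context` bytes, whichever comes first (assumes UTF-8 text).
    """
    pattern = re.compile(b"|".join(re.escape(m) for m in markers))
    run = re.compile(rb"[^\x00-\x1f\x7f]*")  # stop at control bytes
    hits = []
    for m in pattern.finditer(data):
        tail = data[m.end():m.end() + context]
        text = run.match(tail).group().decode("utf-8", "replace")
        hits.append((m.start(), m.group().decode("ascii"), text))
    return hits

# Constructed sample bytes (not taken from a real log): binary framing
# around JSON-like text, similar to what the editor view shows.
SAMPLE = (b"\x01\x00\x9a\x03"
          b'{"messagetype":"RichText/Html","content":"<div>status update</div>",'
          b'"renderContent":"<div>status update</div>",'
          b'"composetime":"2020-01-01T10:00:00.000Z",'
          b'"originalarrivaltime":"2020-01-01T10:00:00.500Z",'
          b'"clientArrivalTime":"2020-01-01T10:00:01.000Z"}'
          b"\x00\x07\xff")

if __name__ == "__main__":
    # Pass a working copy of the .log file; with no argument the sample is scanned.
    data = Path(sys.argv[1]).read_bytes() if len(sys.argv) > 1 else SAMPLE
    for offset, marker, text in scan_log(data):
        print(f"{offset:#010x}  {marker:<20} {text}")
```

The offsets make each hit easy to relocate in a hex viewer and to cite in examination notes.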