Amcache and Shimcache in forensic analysis

Amcache and Shimcache can provide a timeline of which program was executed and when it was first run and last┬ámodified In addition, these artifacts provide program information regarding the file path, size, and hash depending … Continue reading Amcache and Shimcache in forensic analysis