Amcache and Shimcache in forensic analysis

Amcache and Shimcache can provide a timeline of which program was executed and when it was first run and last modified. In addition, these artifacts provide program information regarding the file path, size, and hash depending on the OS version.

Amcache

The Amcache.hve file is a registry file that stores the information of executed applications. These …