Amcache

233

Artifacts

Path/s
%SystemRoot%\AppCompat\Programs\Amcache.hve
Operating System
Windows
Artifact Category
  • Applications
  • Registry
  • System
 The Amcache.hve is a registry hive file that is created by Microsoft® Windows® to store the information related to execution of programs."

Singh, Bhupendra and Singh, Upasna (2016) "Leveraging the Windows Amcache.hve File in Forensic Investigations," Journal of Digital Forensics, Security and Law : Vol. 11 : No. 4 , Article 7.
DOI : https://doi.org/10.15394/jdfsl.2016.1429


Amcache.hve in Windows 8 - Goldmine for malware hunters
http://www.swiftforensics.com/2013/12/amcachehve-in-windows-8-goldmine-for.html

Amcache and Shimcache in forensic analysis
https://www.andreafortuna.org/2017/10/16/amcache-and-shimcache-in-forensic-analysis/

Analysis of the AmCache
https://cyberforensicator.com/2019/01/22/analysis-of-the-amcache/

The Windows Amcache Hive
http://digitalforensicsurvivalpodcast.com/2016/07/05/dfsp-020-amcache-forensics-find-evidence-of-app-execution/

Amcache and USB Device Tracking
https://df-stream.com/2017/10/amcache-and-usb-device-tracking/

AmcacheParser: Reducing the noise, finding the signal
https://binaryforay.blogspot.com/2015/07/amcacheparser-reducing-noise-finding.html

(Am)cache still rules everything around me (part 2 of 1)
https://binaryforay.blogspot.com/2017/10/amcache-still-rules-everything-around.html

User comments

There are no user comments for this listing.
Already have an account? or Create an account