
Sign up to save your podcasts
Or
In this episode I talk Shimcache, otherwise known as the Application Compatibility Cache. This registry key has existed since Windows XP and tracks executable on a system, making it a great source of digital evidence for both disk forensics and incident response cases. In addition, there are freely available tools that will parse the data. It is not a difficult artifact to understand. Once an analyst spends the time learning how to pull, parse and interpret the data it is easily incorporated into an investigation and aligns well with other Windows artifacts.
4.9
6161 ratings
In this episode I talk Shimcache, otherwise known as the Application Compatibility Cache. This registry key has existed since Windows XP and tracks executable on a system, making it a great source of digital evidence for both disk forensics and incident response cases. In addition, there are freely available tools that will parse the data. It is not a difficult artifact to understand. Once an analyst spends the time learning how to pull, parse and interpret the data it is easily incorporated into an investigation and aligns well with other Windows artifacts.
361 Listeners
627 Listeners
363 Listeners
184 Listeners
1,002 Listeners
311 Listeners
398 Listeners
7,872 Listeners
187 Listeners
314 Listeners
6 Listeners
129 Listeners
33 Listeners
158 Listeners
14 Listeners