Sign up to save your podcasts
Or
Share DFSP # 014 - Shimcache
Share to email
Share to Facebook
Share to X
Share to email
Share to Facebook
Share to X
Or
DFSP # 014 - Shimcache
In this episode I talk Shimcache, otherwise known as the Application Compatibility Cache. This registry key has existed since Windows XP and tracks executable on a system, making it a great source of digital evidence for both disk forensics and incident response cases. In addition, there are freely available tools that will parse the data. It is not a difficult artifact to understand. Once an analyst spends the time learning how to pull, parse and interpret the data it is easily incorporated into an investigation and aligns well with other Windows artifacts.
View all episodes
By Digital Forensic Survival Podcast
4.9
6161 ratings
In this episode I talk Shimcache, otherwise known as the Application Compatibility Cache. This registry key has existed since Windows XP and tracks executable on a system, making it a great source of digital evidence for both disk forensics and incident response cases. In addition, there are freely available tools that will parse the data. It is not a difficult artifact to understand. Once an analyst spends the time learning how to pull, parse and interpret the data it is easily incorporated into an investigation and aligns well with other Windows artifacts.
More shows like Digital Forensic Survival Podcast
View all
Risky Business
361 Listeners
SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)
628 Listeners
Defensive Security Podcast - Malware, Hacking, Cyber Security & Infosec
366 Listeners
Hacked
183 Listeners
CyberWire Daily
1,008 Listeners
Smashing Security
311 Listeners
Click Here
401 Listeners
Darknet Diaries
7,870 Listeners
CISO Series Podcast
187 Listeners
Hacking Humans
314 Listeners
Forensic Focus
6 Listeners
Cyber Security Headlines
129 Listeners
Risky Bulletin
33 Listeners
Hacker And The Fed
158 Listeners
Digital Forensics Now
14 Listeners