appcompatprocessor icon indicating copy to clipboard operation
appcompatprocessor copied to clipboard

verified publisher icon mbevilacqua

Metadata

"Evolving AppCompat/AmCache data analysis beyond grep"

Results 6 appcompatprocessor issues
Sort by recently updated
recently updated
newest added

Update README.md

1 comment

Add a comment that it seems to work OK on Windows Subsystem for Linux (WSL) on Windows 10.

bridgeythegeek avatar bridgeythegeek

Add Syscache.hve artifact

2 comment

Hi Matias, Do you have plan to add the parsing and analysis for the syscache.hve. You can look into David Cowen research below https://www.hecfblog.com/2018/12/daily-blog-573-forensic-lunch-test.html?m=1

nwf9 avatar nwf9

enhancement

Unable to process SYSTEM hive for Windows 10 18003 Build 17134.1

On hold: https://github.com/mandiant/ShimCacheParser/issues/20

mbevilacqua avatar mbevilacqua

Amcache Parser

7 comment

Hi guys, Amcache parser did not works because of the new structure. Can you update the parser ? Regards

nwf9 avatar nwf9

REG key value

3 comment

Feature Request: Import raw .REG key values... They're easy to collect with PowerShell and faster than trying to get the entire SYSTEM hives.

hammjd avatar hammjd

enhancement

tstack module reports no hits when start_date == end_date

mbevilacqua avatar mbevilacqua

bug

Metadata

191
Stars
26
Forks
Watchers

Owner

verified publisher icon mbevilacqua

Metadata

"Evolving AppCompat/AmCache data analysis beyond grep"

Back