Top Ad unit 728 × 90

Latest News


Daily Blog #544: Forensic Lunch Test Kitchen 11/20/18

Hello Reader,
          Tonight we continued our journey into the shimcache and amcache. Here is what we learned:

  • The extracted executable file from the command line that was not executed was still not present in the shimcache
  • Simply viewing the directory in the GUI that the extracted but not executed executable was in was enough to get it added to the shimcache
  • No new entries from the downloads directories were present in the Amcache

Tomorrow night we will see if the Amcache needed even more time, suggesting its a schedule task

You can watch the video here:

Daily Blog #544: Forensic Lunch Test Kitchen 11/20/18 Reviewed by David Cowen on November 20, 2018 Rating: 5

No comments:

All Rights Reserved by Hacking Exposed Computer Forensics Blog © 2014 - 2020
Powered By Blogger, Designed by Sweetheme

Contact Form


Email *

Message *

Powered by Blogger.