Home windows 7 Daily Blog #554: Solution Saturday 12/1/18 - Solution for GUI Executable Challenge

Daily Blog #554: Solution Saturday 12/1/18 - Solution for GUI Executable Challenge

By David Cowen • December 01, 2018 • amcache Daily Blog solution saturday windows 7 • Comments : 0

Solution for GUI Executable Challenge by David Cowen - Hacking Exposed Computer Forensics Blog

Hello Reader,
This week we have a clear winner with Maxim Suhanov not only answering the question but finding a new artifact and writing a proof of concept extractor for it in the process!

The Challenge:

On a Windows 7 system how long does it take for a new gui executable to appear in the Amcache. What can you do if anything to force the executable to appear in the amcache hive.

The Winning Answer:

Maxim Suhanov (@errno_fail)

You can read the answer here: https://dfir.ru/2018/12/02/the-cit-database-and-the-syscache-hive/

Also Read: Daily Blog #553

Daily Blog #554: Solution Saturday 12/1/18 - Solution for GUI Executable Challenge

Post a Comment

Top Posts/Right Now