Hello Reader,
Another evening, another test kitchen! Tonight we looked even deeper into the Syscache and we learned:
Another evening, another test kitchen! Tonight we looked even deeper into the Syscache and we learned:
- Bat files are recorded in the Syscache hives when executed
- Bat files and other executables run from the Desktop are not recorded in the Syscache
- Powershell files (ps1) are not caught in the Syscache hive
- Deleting a file did not eliminate it from the Syscache hive
- Installing a program recorded its installer, but the program did not prepopulate an entry in the Syscache hive
- Creating a bat file did not pre-populate it in the Syscache hive
You can watch the video here:
.png)
Post a Comment