Daily Blog #586: Forensic Lunch Test Kitchen Server 2019 Shimcache Srum Syscache
Hello Reader,
Tonight we extended our search to see if the Syscache hive came back to life by looking into Windows Server 2019, Here is what we learned:
Tonight we extended our search to see if the Syscache hive came back to life by looking into Windows Server 2019, Here is what we learned:
- No Syscache hive by default in Server 2019
- There is a SRUM database by default in Server 2019
- There is an Amcache hive by default in Server 2019
- There is still no Preftech in Server 2019
- Shimcache showed an interesting behavior that we need to regression test back versions of Windows where executables viewed in the Explorer GUI only got entered into the Shimcache hive when they were viewable and/or highlighted in the GUI Window
- Executables not yet viewed in the GUI window scroll were not present in the Shimcache
You can watch the video here:
Daily Blog #586: Forensic Lunch Test Kitchen Server 2019 Shimcache Srum Syscache
Reviewed by David Cowen
on
January 03, 2019
Rating:
Reviewed by David Cowen
on
January 03, 2019
Rating:
No comments: