Top Ad unit 728 × 90

Latest News

random

Daily Blog #586: Forensic Lunch Test Kitchen Server 2019 Shimcache Srum Syscache

Hello Reader,
      Tonight we extended our search to see if the Syscache hive came back to life by looking into Windows Server 2019, Here is what we learned:

  • No Syscache hive by default in Server 2019
  • There is a SRUM database by default in Server 2019
  • There is an Amcache hive by default in Server 2019
  • There is still no Preftech in Server 2019
  • Shimcache showed an interesting behavior that we need to regression test back versions of Windows where executables viewed in the Explorer GUI only got entered into the Shimcache hive when they were viewable and/or highlighted in the GUI Window
  • Executables not yet viewed in the GUI window scroll were not present in the Shimcache
You can watch the video here:

Daily Blog #586: Forensic Lunch Test Kitchen Server 2019 Shimcache Srum Syscache Reviewed by David Cowen on January 03, 2019 Rating: 5

No comments:

All Rights Reserved by Hacking Exposed Computer Forensics Blog © 2014 - 2020
Powered By Blogger, Designed by Sweetheme

Contact Form

Name

Email *

Message *

Powered by Blogger.