What license is AmcacheParser under?

MIT license — permissive, allowing commercial and modified use. The license is in the AmcacheParser repository on GitHub.

Are there commercial alternatives that cost money?

Several commercial DFIR platforms (Magnet AXIOM, X-Ways Forensics, EnCase) parse Amcache as part of their suites. They are far more expensive but bundle dozens of other parsers and case-management features. For Amcache-specifically, AmcacheParser is the canonical free option.

Is the browser-based parser at amcacheparser.com free?

Yes. It is independent of Eric's tools and runs entirely in your browser via WebAssembly. No account required, no telemetry, no upload — the file stays in your browser.

Can I use AmcacheParser at my employer?

Yes, including for commercial engagements. The MIT license permits commercial use. Most consultancies (Mandiant, Kroll, Trustwave, NCC, etc.) include Zimmerman tools in their standard analyst toolset.

Is AmcacheParser free?

Q: Who publishes AmcacheParser?

Eric Zimmerman, a former FBI special agent and current Senior Director at Kroll. He has published open-source DFIR tooling at ericzimmerman.github.io for over a decade.

Yes. AmcacheParser is free for any use — personal, commercial, internal, consulting engagements, government work, training. It is published under the MIT license by Eric Zimmerman on GitHub and at ericzimmerman.github.io.

There are no tiers, no nag screens, no telemetry, no account, no limits.

Who publishes it#

Eric Zimmerman is a former FBI special agent and currently a Senior Director at Kroll. He has published open-source DFIR tooling for over a decade. AmcacheParser is one of about a dozen tools he maintains — the others include:

MFTECmd — $MFT, $LogFile, $J, $Boot, $SDS parser
RECmd — registry command-line and batch processor
RBCmd — Recycle Bin parser
PECmd — Prefetch parser
EvtxECmd — Windows Event Log parser
JLECmd — Jump List parser
LECmd — LNK parser
SBECmd — Shellbag Explorer CLI
AppCompatCacheParser — ShimCache parser
SrumECmd — SRUM parser

All free, all MIT-licensed.

Commercial alternatives#

Several commercial DFIR suites also parse Amcache as part of larger packages:

Magnet AXIOM — Magnet Forensics' integrated DFIR platform.
X-Ways Forensics — German DFIR suite.
EnCase — OpenText's classic forensic platform.
FTK — Exterro's forensic toolkit.

These are paid (often $$$$) but bundle dozens of artefact parsers, evidence-management features, and certifications. For Amcache-specifically — meaning if you just need to parse the hive — AmcacheParser is the canonical free option and produces output that most paid platforms can ingest.

Is there any catch?#

Functionally: no. Practically, two limitations to be aware of:

No vendor support. AmcacheParser is open source. If you hit a bug, the right path is a GitHub issue, not a support ticket. Eric and the community are responsive but there is no SLA.
Windows-first. The tool runs cross-platform via .NET, but the documentation and ecosystem assume Windows. Linux / macOS users follow the Linux/macOS guide.

What about this site?#

The browser-based parser at amcacheparser.com is also free and runs entirely client-side. It is an independent re-implementation of the Amcache read path in Rust + WebAssembly, designed for triage and education. It is not affiliated with Eric or Kroll. The file you drop on the page is parsed in your browser and never sent to a server.

For full investigations on a Windows analyst workstation, use Eric's AmcacheParser.exe. For triage or no-install scenarios, use the browser-based version. Both are free.

AmcacheParser complete guide — the canonical reference.
AmcacheParser download guide — where to get it.
Who is Eric Zimmerman? — background on the author.

Is AmcacheParser free?

Who publishes it#

Commercial alternatives#

Is there any catch?#

What about this site?#

Related#

Related posts