Posts tagged "reference"

• AmcacheParser output columns explained: every CSV field decoded

  A field-by-field reference for AmcacheParser's CSV output — FileId, PathHash, ProgramId, LinkDate, BinFileVersion, IsPeFile, and every other column, with the pivots that matter in DFIR.

  2026-05-24

• The definitive Amcache.hve forensic reference: every key, every value, every timestamp

  A field-by-field, schema-by-schema reference for Windows Amcache.hve — what each Inventory* subkey records, what every timestamp actually means, how the schema evolved from Windows 7 through Windows 11, and what Amcache can and cannot prove in DFIR.

  2026-05-24