App. Execution

SRUM Forensics (in-progress)

Introduction: System Resource Utilization Monitor (SRUM) is a feature that tracks system resource usage, such as process and network metrics, in a database. Most of the SRUM data is not available to the end user; the ‘App History’ section in the Task Manager shows some of it. The SRUM is integrated into the…

Prefetch

Introduction: The Prefetch, also called the Prefetcher, helps improve an application’s startup speed. It’s a background monitoring process that watches the first 2-10 seconds of an application executing on a Windows system. The goal is to speed up subsequent launches of an application. The Prefetch caches required files and resources into memory, therefore decreasing the…

Amcache.hve

Introduction: The Amcache is part of the Windows Application Compatibility database, along with the ShimCache. Prior to a late patch in Windows 7 it was named RecentFileCache.bcf; the Amcache replaced RecentFileCache.bcf after that patch.

Forensic Value: The Amcache is a small registry hive that contains data about applications that have been…
