Digital Forensic Survival Podcast
DFSP # 020 - Amcache Forensics - Find Evidence of App Execution
- Autor: Vários
- Narrador: Vários
- Editor: Podcast
- Duración: 0:25:15
- Mas informaciones
Informações:
Sinopsis
This week I talk about Amcache Forensics, a Windows artifact that collects details about programs that have been run on a given system. This evidence can support malware/ intrusion investigations, file use and knowledge exams and data spoliations inquiries.
