Difference between pages "Opera" and "Windows Application Compatibility"
From ForensicsWiki
(Difference between pages)
Joachim Metz (Talk | contribs) |
Joachim Metz (Talk | contribs) (→sysmain.sdb) |
||
| Line 1: | Line 1: | ||
{{expand}} | {{expand}} | ||
| − | == | + | == sysmain.sdb == |
| − | + | System compatibility database. | |
| − | + | == RecentFileCache.bcf == | |
| + | In Windows 7 the RecentFileCache.bcf file is stored in: | ||
<pre> | <pre> | ||
| − | + | C:\Windows\AppCompat\Programs\ | |
</pre> | </pre> | ||
| − | == | + | == Amcache.hve == |
| − | The file | + | The Amcache.hve file is a [[Windows NT Registry File (REGF)]]. |
| + | In Windows 8 the Amcache.hve file is stored in: | ||
<pre> | <pre> | ||
| − | + | C:\Windows\AppCompat\Programs\ | |
| − | + | ||
| − | + | ||
| − | + | ||
</pre> | </pre> | ||
| − | + | == AppCompatCache == | |
| − | + | In Windows 2000 and XP: | |
| − | + | <pre> | |
| − | + | Key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\AppCompatibility | |
| + | </pre> | ||
| − | + | In Windows 2003 and later: | |
| − | + | <pre> | |
| − | + | Key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\AppCompatCache | |
| − | + | </pre> | |
| − | + | ||
== External Links == | == External Links == | ||
| − | + | * [http://technet.microsoft.com/en-us/library/dd837644(v=ws.10).aspx Technet: Understanding Shims], by [[Microsoft]] | |
| − | * [http:// | + | * [http://msdn.microsoft.com/en-us/library/bb432182(v=vs.85).aspx MSDN: Application Compatibility Database], by [[Microsoft]] |
| − | * [http://www. | + | * [http://www.alex-ionescu.com/?p=39 Secrets of the Application Compatilibity Database (SDB) – Part 1], by [[Alex Ionescu]], May 20, 2007 |
| − | + | * [http://www.alex-ionescu.com/?p=40 Secrets of the Application Compatilibity Database (SDB) – Part 2], by [[Alex Ionescu]], May 21, 2007 | |
| − | [[ | + | * [http://www.alex-ionescu.com/?p=41 Secrets of the Application Compatilibity Database (SDB) – Part 3], by [[Alex Ionescu]], May 26, 2007 |
| − | [[ | + | * [http://recxltd.blogspot.com/2012/04/windows-appcompat-research-notes-part-1.html Windows AppCompat Research Notes - Part 1], by Ollie, 28 April 2012 |
| + | * [http://recxltd.blogspot.com/2012/05/windows-appcompat-research-notes-part-2.html Windows AppCompat Research Notes - Part 2], by Ollie, 4 May 2012 | ||
| + | * [https://dl.mandiant.com/EE/library/Whitepaper_ShimCacheParser.pdf Leveraging the Application Compatibility Cache in Forensic Investigations], by [[Andrew Davis]], May 4, 2012 | ||
| + | * [http://journeyintoir.blogspot.ch/2013/12/revealing-recentfilecachebcf-file.html Revealing the RecentFileCache.bcf File], by [[Corey Harrell]], December 2, 2013 | ||
| + | * [http://journeyintoir.blogspot.ch/2013/12/revealing-program-compatibility.html Revealing Program Compatibility Assistant HKCU AppCompatFlags Registry Keys], by [[Corey Harrell]], December 17, 2013 | ||
| + | * [http://journeyintoir.blogspot.ch/2014/04/triaging-with-recentfilecachebcf-file.html Triaging with the RecentFileCache.bcf File], by [[Corey Harrell]], April 21, 2014 | ||
Latest revision as of 01:06, 9 July 2014
|
|
Please help to improve this article by expanding it.
|
sysmain.sdb
System compatibility database.
RecentFileCache.bcf
In Windows 7 the RecentFileCache.bcf file is stored in:
C:\Windows\AppCompat\Programs\
Amcache.hve
The Amcache.hve file is a Windows NT Registry File (REGF).
In Windows 8 the Amcache.hve file is stored in:
C:\Windows\AppCompat\Programs\
AppCompatCache
In Windows 2000 and XP:
Key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\AppCompatibility
In Windows 2003 and later:
Key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\AppCompatCache
External Links
- Technet: Understanding Shims, by Microsoft
- MSDN: Application Compatibility Database, by Microsoft
- Secrets of the Application Compatilibity Database (SDB) – Part 1, by Alex Ionescu, May 20, 2007
- Secrets of the Application Compatilibity Database (SDB) – Part 2, by Alex Ionescu, May 21, 2007
- Secrets of the Application Compatilibity Database (SDB) – Part 3, by Alex Ionescu, May 26, 2007
- Windows AppCompat Research Notes - Part 1, by Ollie, 28 April 2012
- Windows AppCompat Research Notes - Part 2, by Ollie, 4 May 2012
- Leveraging the Application Compatibility Cache in Forensic Investigations, by Andrew Davis, May 4, 2012
- Revealing the RecentFileCache.bcf File, by Corey Harrell, December 2, 2013
- Revealing Program Compatibility Assistant HKCU AppCompatFlags Registry Keys, by Corey Harrell, December 17, 2013
- Triaging with the RecentFileCache.bcf File, by Corey Harrell, April 21, 2014
