Difference between pages "Libagdb" and "Windows Application Compatibility"

From ForensicsWiki
(Difference between pages)
(Created page with "{{Infobox_Software | name = libagdb | maintainer = Joachim Metz | os = Linux, FreeBSD, NetBSD, OpenBSD, Mac OS X, Windows | genre = {{Analy...")
 
 
Line 1: Line 1:
{{Infobox_Software |
+
{{expand}}
  name = libagdb |
+
  maintainer = [[Joachim Metz]] |
+
  os = [[Linux]], [[FreeBSD]], [[NetBSD]], [[OpenBSD]], [[Mac OS X]], [[Windows]] |
+
  genre = {{Analysis}} |
+
  license = {{LGPL}} |
+
  website = [http://code.google.com/p/libagdb/ code.google.com/p/libagdb/] |
+
}}
+
  
The '''libagdb''' package contains a library and applications to read the [[Windows SuperFetch Format]].
+
== sysmain.sdb ==
  
Note that the project currently only provides documentation.
+
== RecentFileCache.bcf ==
 +
<pre>
 +
C:\Windows\AppCompat\Programs\RecentFileCache.bcf
 +
</pre>
  
== History ==  
+
== AppCompatCache ==
 +
In Windows 2000 and XP:
 +
<pre>
 +
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\AppCompatibility
 +
</pre>
  
Libagdb was created by [[Joachim Metz]] in 2014.
+
In Windows 2003 and later:
 +
<pre>
 +
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\AppCompatCache
 +
</pre>
  
 
== External Links ==
 
== External Links ==
 
+
* [http://technet.microsoft.com/en-us/library/dd837644(v=ws.10).aspx Technet: Understanding Shims], by [[Microsoft]]
* [https://code.google.com/p/libagdb/ Project site]
+
* [http://msdn.microsoft.com/en-us/library/bb432182(v=vs.85).aspx MSDN: Application Compatibility Database], by [[Microsoft]]
 +
* [http://www.alex-ionescu.com/?p=39 Secrets of the Application Compatilibity Database (SDB) – Part 1], by [[Alex Ionescu]], May 20, 2007
 +
* [http://www.alex-ionescu.com/?p=40 Secrets of the Application Compatilibity Database (SDB) – Part 2], by [[Alex Ionescu]], May 21, 2007
 +
* [http://www.alex-ionescu.com/?p=41 Secrets of the Application Compatilibity Database (SDB) – Part 3], by [[Alex Ionescu]], May 26, 2007
 +
* [http://recxltd.blogspot.com/2012/04/windows-appcompat-research-notes-part-1.html Windows AppCompat Research Notes - Part 1], by Ollie, 28 April 2012
 +
* [http://recxltd.blogspot.com/2012/05/windows-appcompat-research-notes-part-2.html Windows AppCompat Research Notes - Part 2], by Ollie, 4 May 2012
 +
* [https://dl.mandiant.com/EE/library/Whitepaper_ShimCacheParser.pdf Leveraging the Application Compatibility Cache in Forensic Investigations], by [[Andrew Davis]], May 4, 2012
 +
* [http://journeyintoir.blogspot.ch/2013/12/revealing-recentfilecachebcf-file.html Revealing the RecentFileCache.bcf File], by [[Corey Harrell]], December 2, 2013
 +
* [http://journeyintoir.blogspot.ch/2013/12/revealing-program-compatibility.html Revealing Program Compatibility Assistant HKCU AppCompatFlags Registry Keys], by [[Corey Harrell]], December 17, 2013
 +
* [http://journeyintoir.blogspot.ch/2014/04/triaging-with-recentfilecachebcf-file.html Triaging with the RecentFileCache.bcf File], by [[Corey Harrell]], April 21, 2014
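Review bot: the added `== sysmain.sdb ==` heading has no body text, and the `== RecentFileCache.bcf ==` section consists only of the file path. Each needs at least one sentence saying what the artifact records, since the `{{expand}}` tag alone leaves the reader to find that in the External Links. In `== AppCompatCache ==`, the two registry key paths are labelled by Windows version but nothing says which value under each key holds the cache data; naming it next to each path would make the section usable without following the references.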

Revision as of 03:29, 12 May 2014


Please help to improve this article by expanding it.
Further information might be found on the discussion page.

sysmain.sdb

RecentFileCache.bcf

C:\Windows\AppCompat\Programs\RecentFileCache.bcf

AppCompatCache

In Windows 2000 and XP:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\AppCompatibility

In Windows 2003 and later:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\AppCompatCache

External Links