WithSecureLabs / chainsaw

Rapidly Search and Hunt through Windows Forensic Artefacts
GNU General Public License v3.0
2.7k stars, 242 forks

Shimcache execution timeline feature with Amcache enrichment #124

Closed Markus98 closed 1 year ago

Markus98 commented 1 year ago

A new feature for creating execution timelines using Shimcache artifacts with optional Amcache enrichment. Also added functionality to parse Windows registry hive files.