Open marcurdy opened 8 years ago
joachimmetz
commented
8 years ago we can add to parse the contents of this but so far this format has no identified time sources. Also see: https://github.com/libyal/assorted/blob/master/documentation/RecentFileCache.bcf%20format.asciidoc
It does not currently exist within https://github.com/ForensicArtifacts
marcurdy
commented
8 years ago Understood. Without a date, it's not near as valuable put in a timeline. I'm ok if you close this.
joachimmetz
commented
8 years ago I've reopened this. Long term we are thinking about adding extraction of time-less events.
marcurdy
commented
8 years ago Interesting. Thanks, brother.
On 6/23/16, Joachim Metz notifications@github.com wrote:
I've reopened this. Long term we are thinking about adding extraction of time-less events.
You are receiving this because you modified the open/close state. Reply to this email directly or view it on GitHub: https://github.com/log2timeline/plaso/issues/741#issuecomment-228253920
Windows 7 application compatibility db is called RecentFileCache.bcf and is not present in Plaso to-date. It does not exist in Windows before or after 7. http://www.forensicswiki.org/wiki/Windows_Application_Compatibility#RecentFileCache.bcf It does not currently exist within https://github.com/ForensicArtifacts