Forensicswiki.org has moved to this site, forensicswiki.xyz. For information, please join the Google Group forensicswiki-reborn
The AMCache is an stores metadata about program installation and execution on Windows.
It can be found on Windows 7 and Server 2008 R2 and later.
The AMCache is stored in the Windows NT Registry File (REGF) format in a file named AMCache.hve.
- Windows Application Compatibility
- Amcache.hve in Windows 8 - Goldmine for malware hunters, by Yogesh Khatri, December 2013
- Amcache on Windows 7, by Yogesh Khatri, May 2016
- Examples of amcache.py, by Willi Ballenthin
- Analysis of the AMCache, by Blanche Lagny, July 2019