Advanced Windows Forensic Engine (Amcache & Shimcache Correlation). Built with Sigma Rules, SHA-256 Integrity, and PII Masking (KVKK/GDPR). Educational Refactor of Amcache-EvilHunter.
-
Updated
Mar 27, 2026 - Python
#
shimcache
Here are 3 public repositories matching this topic...
C++ ShimCache (AppCompatCache) parser for execution artifact forensics
-
Updated
Feb 20, 2026 - C++
X-Ways Forensics Community Edition
incident-response prefetch dfir digital-forensics computer-forensics carving file-carving registry-analysis xtensions amcache forensic-tools windows-forensics xwf file-signatures x-tensions windows-artifacts x-ways-forensics xways python-forensics shimcache
-
Updated
Dec 10, 2025
Improve this page
Add a description, image, and links to the shimcache topic page so that developers can more easily learn about it.
Add this topic to your repo
To associate your repository with the shimcache topic, visit your repo's landing page and select "manage topics."