windows, shimcache, appcompatcache
Windows 10/11 ShimCache `10ts`: the 1-byte trap that silently returns zero records
If your forensic pipeline parses AppCompatCache with a 3-byte 'sts' signature search, it returns zero records on every Windows 10 1607+ image. Here is the byte-layout mistake, the second mistake right next to it, and how to verify your own parser in five minutes.
May 1, 2026 · 8 min
unJaena Team
windows, artifacts, collection
The Complete Guide to Windows Artifact Collection: From Prefetch to USN Journal
A detailed look at the essential artifacts to collect in Windows digital forensics. Learn the location, structure, and forensic value of Prefetch, EventLog, Registry, $MFT, USN Journal, and more.
April 5, 2026 · 15 min
unJaena Team