Note: Page numbers followed by “f” indicate figures, “t” indicate tables and “b” indicate boxes.
“ACMru” Registry key, 8, 14, 162f, 163
Admin cleanup, 139b
Adobe Reader, 158–159
Advanced persistent threats (APT), 51
AmCache hive, 123
“a00001ds” key contents, 126f
files key, 127–128
files value data, 128f
hashing tool, 126
primary interest, 124
ProgramID key contents, 127f
SHA-1 hash, 126b
Volume GUID key contents, 125f
on Windows 8, 129b
AmCache.hve, 20b Python script, 51
Antivirus (AV), 146
“AppCompatCache” data, 46, 88–89
AppCompatFlags key, 119–121
AppInit_DLLs value, 114
Applets, 137–139
user’s applets ...

Get Windows Registry Forensics, 2nd Edition now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.