Analyzes Windows Amcache.hve registry hive to extract program execution evidence, file metadata, SHA-1 hashes, and device connection history for digital forensics and incident response.
npx claudepluginhub killvxk/cybersecurity-skills-zh
This skill uses the workspace's default tool permissions.
Extracts execution evidence from Amcache.hve, including application paths, SHA-1 hashes, timestamps, and publisher metadata, for DFIR investigations.
Analyzes Windows Amcache.hve registry hive for evidence of program execution, app installation, and driver loading in digital forensics using AmcacheParser and Timeline Explorer.
Parses Windows Amcache.hve hive to extract program execution, app installation, and driver loading evidence for digital forensics. Uses AmcacheParser for analysis, hash correlation, and timelines.
Extracts and analyzes Windows registry hives from forensic images to uncover user activity, installed software, autostarts, USB devices, and intrusion evidence using RegRipper and python-registry.