---
name: analyzing-windows-amcache-artifacts
description: >
  Parse and analyze Windows Amcache.hve registry hive to extract program execution
  evidence, file metadata, SHA-1 hashes, and device connection history for digital
  forensics and incident response investigations.
domain: cybersecurity
subdomain: digital-forensics
tags: [amcache, windows-forensics, registry-analysis, execution-artifacts]
version: "1.0"
author: mahipal
license: Apache-2.0
---

# Analyzing Windows Amcache Artifacts

Extract execution evidence from Amcache.hve including application paths, SHA-1 hashes, timestamps, and publisher metadata for DFIR investigations.