syscache

$ target-query <path/to/target> -f syscache

Details

Module	dissect.target.plugins.os.windows.syscache.SyscachePlugin
Output	records

Module documentation

Plugin to parse Syscache.hve.

Function documentation

Parse the objects in the ObjectTable from the Syscache.hve file.

References:

• https://dfir.ru/2018/12/02/the-cit-database-and-the-syscache-hive/