syscache

$ target-query <path/to/target> -f syscache

Details

Module	os.windows.syscache.SyscachePlugin
Output	records

Module documentation

Plugin to parse Syscache.hve.

Reference: - https://dfir.ru/2018/12/02/the-cit-database-and-the-syscache-hive/

Function documentation

Parse the objects in the ObjectTable from the Syscache.hve file.