Skip to content

dot-sys/VortexAmCache

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

6 Commits
Vortex.UI
Vortex.UI
 
 
VortexAMC
VortexAMC
 
 
.gitattributes
.gitattributes
 
 
.gitignore
.gitignore
 
 
LICENSE.txt
LICENSE.txt
 
 
README.md
README.md
 
 
VortexAmCache.slnx
VortexAmCache.slnx
 
 

Repository files navigation

Vortex Logo

Vortex AMCache Analyzer

Standalone C# Tool for live Windows AMCache parsing. Handles live and locked Win10 and 11 Hives!

⭐ Star this project if you found it useful.

Vortex AmCache Preview

Overview

Vortex AMCache Analyzer is a robust .NET tool for forensic analysis of Windows AMCache Hive in Win10 and Win11. Reads and interprets AmCache hive data, fixes version quirks, extracts all forencis artifacts and metadata resolution (timestamps, hashes, signatures).

Core Parsing

  • Loads and parses AMCache Hive
  • Auto-detects and adjusts Win10/11 schema variations
  • Extracts File Entries, Shortcuts, Device History and Driver Information

Metadata Enrichment

  • Resolves file paths and volume serial mappings
  • File checks: Timestamps, SHA1, Authenticode signature validation
  • Status flags: Installed/Removed/Unknown

Features

  • Dependency Resolution: Programs/files/volumes with normalized paths
  • Executable Metadata: SHA1, signature status, timestamps
  • Reflection Helpers: Dynamic property access for parser objects
  • No External Dumps: Live Hive reading

Requirements

  • .NET Framework 4.6.2
  • Windows 10 or Windows 11
  • Administrator privileges (for protected file access)

About

Small Live AmCache Hive Parser and Analyzer for Win 10 & 11

Resources

Readme

License

View license
Activity

Stars

4 stars

Watchers

0 watching

Forks

0 forks
Report repository

Releases 1

V1.0 Latest
Feb 10, 2026

Contributors

Languages