AppCompatCacheParser

AppCompatCache (shimcache) parser. Supports Windows 7 (x86 and x64), Windows 8.x, and Windows 10, and Windows 11

Generate Convert Improve

Install / Use

/learn @EricZimmerman/AppCompatCacheParser

About this skill

Quality Score

0/100

README

AppCompatCacheParser

Command Line Interface

AppCompatCache Parser version 1.4.4.0

Author: Eric Zimmerman (saericzimmerman@gmail.com)
https://github.com/EricZimmerman/AppCompatCacheParser

        c               The ControlSet to parse. Default is to extract all control sets.
        f               Full path to SYSTEM hive to process. If this option is not specified, the live Registry will be used
        t               Sorts last modified timestamps in descending order

        csv             Directory to save CSV formatted results to. Required
        csvf            File name to save CSV formatted results to. When present, overrides default name

        debug           Debug mode
        dt              The custom date/time format to use when displaying timestamps. See https://goo.gl/CNVq0k for options. Default is: yyyy-MM-dd HH:mm:ss
        nl              When true, ignore transaction log files for dirty hives. Default is FALSE

Examples: AppCompatCacheParser.exe --csv c:\temp -t -c 2
          AppCompatCacheParser.exe --csv c:\temp --csvf results.csv

          Short options (single letter) are prefixed with a single dash. Long commands are prefixed with two dashes

Documentation

AppCompatCache (ShimCache) parser. Supports Windows XP, Windows 7 (x86 and x64), Windows 8.x, Windows 10, and Windows 11.

Introducing AppCompatCacheParser

AppCompatCacheParser v0.0.5.1 released

AppCompatCacheParser v0.0.5.2 released

AppCompatCacheParser v0.9.0.0 released and some AppCompatCache/shimcache parser testing

Windows 10 Creators update vs shimcache parsers: Fight!!

Updates to the left of me, updates to the right of me, version 1 releases are here (for the most part)

Everything gets an update, Sept 2018 edition

Locked file support added to AmcacheParser, AppCompatCacheParser, MFTECmd, ShellBags Explorer (and SBECmd), and Registry Explorer (and RECmd)

Windows Registry Knowledge Base

Download Eric Zimmerman's Tools

All of Eric Zimmerman's tools can be downloaded here.

Special Thanks

Open Source Development funding and support provided by the following contributors: SANS Institute and SANS DFIR.

Related Skills

openhue

343.3k

Control Philips Hue lights and scenes via the OpenHue CLI.

sag

343.3k

ElevenLabs text-to-speech with mac-style say UX.

weather

343.3k

Get current weather and forecasts via wttr.in or Open-Meteo

tweakcc

1.5k

Customize Claude Code's system prompts, create custom toolsets, input pattern highlighters, themes/thinking verbs/spinners, customize input box & user message styling, support AGENTS.md, unlock private/unreleased features, and much more. Supports both native/npm installs on all platforms.

EricZimmerman

View profile

View on GitHub

GitHub Stars129

CategoryCustomer

Updated1mo ago

Forks23

EricZimmerman/AppCompatCacheParser

Languages

Security Score

95/100

Audited on Feb 5, 2026

No findings