Skip to content
/ PCAParser Public

A PowerShell script that can be used to parse and convert to CSV the new Windows 11 artifacts found in C:\Windows\appcompat\pca

aboutdfir.com/new-windows-11-pro-22h2-evidence-of-execution-artifact/

License

MIT license
8 stars 1 fork Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

AndrewRathbun/PCAParser

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

6 Commits

.gitattributes

.gitattributes

 
 

LICENSE

LICENSE

 
 

PCAParser.ps1

PCAParser.ps1

 
 

README.md

README.md

 
 

Repository files navigation

PCAParser

A PowerShell 5 script that can be used to parse and convert to CSV the new Windows 11 artifacts found in C:\Windows\appcompat\pca

Documentation

Check out the blog post on AboutDFIR highlighting this new artifact here.

Sample Data

Sample artifacts to test this script on can be found in the DFIRArtifactMuseum, specifically here.

About

A PowerShell script that can be used to parse and convert to CSV the new Windows 11 artifacts found in C:\Windows\appcompat\pca

aboutdfir.com/new-windows-11-pro-22h2-evidence-of-execution-artifact/

Topics

windows powershell dfir appcompat

Resources

Readme

License

MIT license
Activity

Stars

8 stars

Watchers

2 watching

Forks

1 fork
Report repository

Releases 1

1.0 - Initial Release Latest
Jun 20, 2023

Packages

No packages published

Languages