RecentFileCache.bcf

Overview

Evidence: Recent File Cache Description: Collect recent file cache files Category: System Platform: windows Short Name: rfc Is Parsed: No Sent to Investigation Hub: Yes Collect File(s): Yes

Background

RecentFileCache.bcf is a binary file maintained by the Windows Application Compatibility infrastructure. It caches information about recently executed programs and can provide execution evidence.

This file complements other execution artifacts like prefetch, amcache, and appcompatcache.

Data Collected

This collector gathers structured data about recent file cache.

Recent File Cache Data

Field

Description

Example

Type

File type

RecentFileCache

Name

File name

RecentFileCache.bcf

SourcePath

Original file path

C:\Windows\AppCompat\Programs\RecentFileCache.bcf

FilePath

Relative path in evidence

Files/RecentFileCache.bcf

FileSize

File size in bytes

524288

Collection Method

This collector collects the file from:

C:\Windows\AppCompat\Programs\RecentFileCache.bcf

Forensic Value

RecentFileCache can provide additional program execution evidence. Investigators use this data to supplement execution artifact analysis and correlate with other execution evidence sources.

PreviousRecentDocs NextRecycle Bin Information

Last updated 2 months ago

Was this helpful?

hashtagOverview

hashtagBackground

hashtagData Collected

hashtagRecent File Cache Data

hashtagCollection Method

hashtagForensic Value