AmCache Parser Update #153
Description
It appears the Get-ForensicAmCache cmdlet doesn't work with newer versions of Windows 10. According to Eric Zimmerman's blog the format of amcache.hve changed with the Windows 10 Fall Creators Update (10/17/2017).
The version in PowerShell gallery hasn't been updated since 1/30/2016
Reference: https://binaryforay.blogspot.com/2017/10/amcache-still-rules-everything-around.html