Copyright © 2025 Authors retain the copyright of this article. This article is an open access article distributed under the Creative Commons Attribution License which permits unrestricted use, distribution, and reproduction in any medium, provided the original work is properly cited.

@article{182093,
        author = {B Gayatthri and Dr. Priya P Sajan},
        title = {Iconcache Reconstruction: Non-Boot Recovery Strategies in Windows Forensics},
        journal = {International Journal of Innovative Research in Technology},
        year = {2025},
        volume = {12},
        number = {2},
        pages = {901-905},
        issn = {2349-6002},
        url = {https://ijirt.org/article?manuscript=182093},
        abstract = {The iconcache. db is an important Windows operating system forensic investigation entity for artifact recovery, timeline correlation and file presence proof by improving the operating system performance. This research article attempts to explain how to inspect the icon cache, examining the analysis possibilities, and restores vital information like original file path and associated program names. To boot up, this research paper also describes the interpretation and correlation of icon cache analysis results with other system artifacts for examining further forensic artifacts and antiforensics approaches.},
        keywords = {Icon cache, Windows forensics, Anti-forensics},
        month = {July},
        }