Hi there,
I was examining an Amcache Hive from a Windows 2008 R2 server and came across a key "DeviceCensus PermissionsCheckTestkey". The key "DeviceCensus" is in place of "Device". From what I can tell it has something to do with the users group not having certain access permissions? Our other machines don't have this key. Has anyone ran across "DeviceCensus" ? I have not found much information on it. It prevents one from examining the hive. I had our infrastructure manager copy the file with his group/writes, but same results. I copied manually and with ftk imager, and the results are the same.
When using registry explorer
NORMALLY>Amcache Hive Structure
c\users\…
{f4e3dd…
Root
Device
File
Generic
HwItem
Metadata
Orphan
Programs
ABNORMAL>Amcache Hive Structure – KEY DeviceCensus
c\users\…
{f4e3dd…
Root
DeviceCensus
PermissionsCheckTestKey