Andrew Davis did the critical research describing the ShimCache artifacts and writing the parser under Mandiant: https://www.fireeye.com/blog/threat-research/2012/04/leveraging-application-compatibility-cache-forensic.html