SANS Digital Forensics and Incident Response Blog: Tag - Prefetch Files

Prefetch Parser v1.4 released

I have updated Prefetch Parser. The program was mentioned in Chad Tilbury's blog entry "De-mystifying Defrag Identifying When Defrag Has Been Used For Anti-Forensics (Part 1 Windows XP)". The main updates to the program are as follows:

  1. Add the Windows 7 option to the drop-down box.
  2. GPL all the code ( and prefetch_parser_gui.au3)
  3. Make the program parse_prefetch_info callable from the command line (send flag -h or no arguments to get the syntax).
  4. Added reading the Layout.ini file and reporting on all programs/prefetch files that are in the Layout.ini file.
  5. Added a new report that will list the distinct devices/volumes/directories with hyperlinks to