Hello everyone, I'm working on an exercise assigned to me during my CF course, and I need to analyze prefetch files on a Windows XP machine.
I know that EnCase has a script for handling such files, but it's a bit expensive for educational purposes, so does anyone know if there are tools around that can help me out analyzing Windows prefetch files?
Thanks in advance for the help.
EDIT: nvm, sorry, I've found a tool that looks to fit my needs.
I'll post a link just in case someone finds it useful:
http//
Even if it doesn't work as I expected…
I thought that the prefetch file would contain information on the original path of the executable and information on the volume serial etc., but when I parse it, only errors occur.
It looks like this tool requires files to be "in place" to analyze them correctly.
I'm not sure, but this tool perhaps meets your requirements:
http//
Yes, the tool looks pretty useful, thank you very much.
The timeline creation tools, in the Files section of the Win4n6 Yahoo group, contain a Perl script that does this…
Sorry Harlan, I've forgotten your great work, oops.
I've subscribed to that group; it looks like a really big source of information and a knowledge-sharing community.
neofito…thanks…I just try to share what I have and know, in hopes that others will find it useful and maybe provide some feedback, improving the community as a whole.
Rampage - Perhaps. Over half of the members signed up saying things like "contribute" and "share", but there are only a few that actually post.