Prefetch Parser

Application: Prefetch Parser
Created By: Paul Hutelmyer
Description: Prefetch files are used in the Windows Operating system to optimize the loading time of a Windows application on subsequent runs. These files contain information about the files loaded by the application. Prefetch Parser outputs the content of a prefetch file. By using this application, you can get a better understanding on what has executed on your machine.

The following is extracted:

Date and time the prefetch file was created.
Date and time the prefetch file was last modified.
Date and time the prefetch file was last accessed
Number of times the referenced file was executed.
Embeded date and time stamp for the file.
List of files and directories to be loaded when the file is executed.

prefetch_parser.exe
File Size:	8543 kb
File Type:	exe

Download File

MD5: 5a3566c18d2f6879af081a0a44b3358f

This command line interface is CMDer, it's a pretty cool guy. use it?

Multiple Prefetch Files

While this application does not natively support multiple prefetch files(yet), just use a script iterate through the multiple files. See below for an example in Windows batch:

::Prefetch.bat
::For every .PF file in the Windows\Prefetch directory, Call Prefetch.exe
::Prefetch.exe parses each prefetch file and gathers dates/file paths.
::Passes values to PrefetchResults.txt
::Created by Paul Hutelmyer
@echo off

ECHO Running Prefetch Analysis...
if exist PrefetchResults.txt DEL prefetchresults.txt

for /F %%i IN ('dir /b %SYSTEMROOT%\prefetch\*.pf') DO (
	WindowsPrefetch.exe %SYSTEMROOT%\prefetch\%%i >> PrefetchResults.txt
)
ECHO Done!