ThreatFix
Application:
Prefetch Parser
Created By: Paul Hutelmyer
Description: 
Prefetch files are used by the Windows operating system to optimize the loading time of a Windows application on subsequent runs. These files contain information about the files loaded by the application.
Prefetch Parser outputs the content of a prefetch file. By using this application, you can get a better understanding of what has executed on your machine.

The following is extracted:
  • Date and time the prefetch file was created.
  • Date and time the prefetch file was last modified.
  • Date and time the prefetch file was last accessed.
  • Number of times the referenced file was executed.
  • Embedded date and time stamp for the file.
  • List of files and directories to be loaded when the file is executed.

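As an added illustration of the last three items above (it is not the page's tool or the author's code), the following Python script reads the fields that live inside the .pf file itself: executable name, run count, embedded last-run FILETIME and the list of loaded file paths. The offsets are assumed from the documented layouts of uncompressed version 17 (XP), 23 (Vista/7) and 26 (8.1) files; Windows 10 files are MAM-compressed and are rejected with an error, and the sample file is constructed inline rather than captured from a real system.

```python
import struct
from datetime import datetime, timedelta, timezone

# File offsets of the last-run FILETIME and the run counter for each uncompressed
# prefetch format version (17 = XP/2003, 23 = Vista/7, 26 = 8.1), assumed from the
# documented layout of the file-information block that follows the 84-byte "SCCA" header.
LAYOUT = {17: (0x78, 0x90), 23: (0x80, 0x98), 26: (0x80, 0xD0)}

def filetime_to_utc(ft):
    """Windows FILETIME (100 ns ticks since 1601-01-01 UTC) -> aware datetime."""
    return datetime(1601, 1, 1, tzinfo=timezone.utc) + timedelta(microseconds=ft // 10)

def parse_prefetch(data):
    """Return executable name, run count, last run time and loaded paths from raw .pf bytes."""
    if data[:3] == b"MAM":  # Windows 10+ files are MAM/Xpress compressed; decompress first
        raise ValueError("compressed (MAM) prefetch file: decompress before parsing")
    version, signature = struct.unpack_from("<I4s", data, 0)
    if signature != b"SCCA" or version not in LAYOUT:
        raise ValueError("not a supported uncompressed prefetch file (version %d)" % version)
    exe_name = data[0x10:0x4C].decode("utf-16-le").split("\x00", 1)[0]
    str_off, str_size = struct.unpack_from("<II", data, 0x64)  # filename strings section
    run_off, count_off = LAYOUT[version]
    last_run = struct.unpack_from("<Q", data, run_off)[0]
    run_count = struct.unpack_from("<I", data, count_off)[0]
    names = data[str_off:str_off + str_size].decode("utf-16-le").split("\x00")
    return {"version": version, "executable": exe_name, "run_count": run_count,
            "last_run": filetime_to_utc(last_run), "loaded_files": [n for n in names if n]}

def build_sample_v23():
    """Constructed minimal version-23 file (not a real capture): header, file-information
    block and a filename-strings section, with all other fields left zero."""
    paths = ["\\DEVICE\\HARDDISKVOLUME1\\WINDOWS\\SYSTEM32\\NTDLL.DLL",
             "\\DEVICE\\HARDDISKVOLUME1\\WINDOWS\\NOTEPAD.EXE"]
    strings = "".join(p + "\x00" for p in paths).encode("utf-16-le")
    str_off = 0xF0  # v23 file-information block spans 0x54..0xF0
    buf = bytearray(str_off + len(strings))
    struct.pack_into("<I4sII", buf, 0, 23, b"SCCA", 0x0F000000, len(buf))
    buf[0x10:0x4C] = "NOTEPAD.EXE".encode("utf-16-le").ljust(60, b"\x00")
    struct.pack_into("<II", buf, 0x64, str_off, len(strings))
    struct.pack_into("<Q", buf, 0x80, 126444736000000000)  # FILETIME for 2001-09-09 01:46:40 UTC
    struct.pack_into("<I", buf, 0x98, 42)  # run count
    buf[str_off:] = strings
    return bytes(buf)

if __name__ == "__main__":
    for key, value in parse_prefetch(build_sample_v23()).items():
        print("%s: %s" % (key, value))
```

The created/modified/accessed times in the list above are filesystem timestamps of the .pf file, not fields inside it, so a parser gets them from the file's metadata rather than its contents.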
prefetch_parser.exe
File Size: 8543 kb
File Type: exe
MD5: 5a3566c18d2f6879af081a0a44b3358f

This command line interface is Cmder; it's a pretty cool guy. Use it?

Multiple Prefetch Files

While this application does not natively support multiple prefetch files (yet), just use a script to iterate through the files. See below for an example in Windows batch:
::Prefetch.bat
::For every .PF file in the Windows\Prefetch directory, call the prefetch parser.
::The parser reads each prefetch file and gathers dates/file paths.
::Output is appended to PrefetchResults.txt.
::Run from an elevated (Administrator) prompt: the Prefetch directory is not readable by standard users.
::Change WindowsPrefetch.exe below to the name of the parser binary you downloaded (prefetch_parser.exe above).
::Created by Paul Hutelmyer
@echo off

ECHO Running Prefetch Analysis...
if exist PrefetchResults.txt DEL PrefetchResults.txt

:: A plain "for" over a quoted wildcard handles paths containing spaces; %%~fi expands to the full path.
for %%i IN ("%SYSTEMROOT%\prefetch\*.pf") DO (
	WindowsPrefetch.exe "%%~fi" >> PrefetchResults.txt
)
ECHO Done!
