Home > Post Exploitation > Windows Prefetch Folder Tool

Windows Prefetch Folder Tool

The inspiration of this tool came after listening to Pauldotcom Episode 171.
I wanted something that I can run in the form of a script to extract information from the windows prefetch folder.

Windows caches portions of frequently accessed programs in order to speed up program launches.  The prefetch folder reveals which programs you have been running recently, how many times you executed the program and when you last executed the program.

This is one place where forensic investigators should look at first when looking at a compromised/suspect machine.  <as heard on pauldotcom>

The tool can be download from http://code.google.com/p/prefetch-tool/

The below screenshot shows the options of the prefetch-tool

prefetch tool usage help

Below shows the results of running the prefetch-tool script.

example of prefetch-tool usage

Send me your comments and feedbacks to keith.lee2012[at]gmail.com

About these ads
Categories: Post Exploitation
  1. No comments yet.
  1. No trackbacks yet.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

Follow

Get every new post delivered to your Inbox.

%d bloggers like this: