The inspiration for this tool came after listening to Pauldotcom Episode 171.
I wanted something that I could run in the form of a script to extract information from the Windows Prefetch folder.
Windows caches portions of frequently accessed programs in order to speed up program launches. The prefetch folder reveals which programs you have been running recently, how many times you executed the program and when you last executed the program.
This is one of the first places forensic investigators should look when examining a compromised/suspect machine (as heard on Pauldotcom).
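To show where those three facts (which program, how many runs, last run) live inside a `.pf` file, here is an added Python example; it is not the prefetch-tool's own code. It assumes the publicly documented uncompressed layouts for format versions 17 (Windows XP) and 23 (Vista/7), and the function names, the sample buffer and its hash value are constructed for illustration.

```python
import struct
from datetime import datetime, timedelta, timezone

# Per-version offsets of (last run FILETIME, run count) in uncompressed .pf files.
OFFSETS = {17: (0x78, 0x90),   # Windows XP / 2003
           23: (0x80, 0x98)}   # Windows Vista / 7

def filetime_to_utc(ft):
    """FILETIME counts 100 ns ticks since 1601-01-01 UTC."""
    return datetime(1601, 1, 1, tzinfo=timezone.utc) + timedelta(microseconds=ft // 10)

def parse_prefetch(data):
    """Return executable name, path hash, run count and last run time."""
    if len(data) < 0x54:
        raise ValueError("too short for a prefetch header")
    version, signature, _, size = struct.unpack_from("<I4sII", data, 0)
    if signature != b"SCCA":
        raise ValueError("missing SCCA signature (Windows 10+ files are MAM-compressed)")
    if version not in OFFSETS:
        raise ValueError(f"unsupported prefetch version {version}")
    time_off, count_off = OFFSETS[version]
    if len(data) < count_off + 4:
        raise ValueError("truncated file information block")
    # Executable name: 60 bytes of NUL-terminated UTF-16LE at offset 0x10.
    name = data[0x10:0x4C].decode("utf-16-le", errors="replace").split("\x00", 1)[0]
    (path_hash,) = struct.unpack_from("<I", data, 0x4C)
    (last_run,) = struct.unpack_from("<Q", data, time_off)
    (run_count,) = struct.unpack_from("<I", data, count_off)
    return {"version": version, "executable": name, "hash": f"{path_hash:08X}",
            "run_count": run_count, "last_run": filetime_to_utc(last_run),
            "size_ok": size == len(data)}  # header size field vs. actual length

def build_sample(version=23, name="CMD.EXE", path_hash=0x1234ABCD, runs=7,
                 last_run=datetime(2009, 10, 15, 12, 0, tzinfo=timezone.utc)):
    """Constructed test input: a zero-filled buffer with only the parsed fields set."""
    buf = bytearray(0x100)
    struct.pack_into("<I4sII", buf, 0, version, b"SCCA", 0, len(buf))
    encoded = name.encode("utf-16-le")
    buf[0x10:0x10 + len(encoded)] = encoded
    struct.pack_into("<I", buf, 0x4C, path_hash)
    time_off, count_off = OFFSETS[version]
    delta = last_run - datetime(1601, 1, 1, tzinfo=timezone.utc)
    ticks = (delta.days * 86400 + delta.seconds) * 10_000_000
    struct.pack_into("<Q", buf, time_off, ticks)
    struct.pack_into("<I", buf, count_off, runs)
    return bytes(buf)

if __name__ == "__main__":
    print(parse_prefetch(build_sample()))
```

On a real image, pass the bytes of a file copied from the Prefetch folder to `parse_prefetch`; the `size_ok` flag is a quick sanity check for truncated or carved files.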
The tool can be downloaded from http://code.google.com/p/prefetch-tool/
The screenshot below shows the options of the prefetch-tool.
The following shows the results of running the prefetch-tool script.
Send your comments and feedback to keith.lee2012[at]gmail.com