Skip to content

ohxeighty/prefetchExplorer

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

11 Commits
LICENSE
LICENSE
 
 
README.md
README.md
 
 
prefetchexplorer.py
prefetchexplorer.py
 
 

Repository files navigation

prefetchExplorer

Parses prefetch files when supplied either a file or a folder with prefetch files.

Usage: prefetchExplorer.py [-h] [-o OUTPUT] (-f FILE | -d DIRECTORY)

Example Output:


CALC.EXE
Size: 23538
Windows Vista / 7
Run Count: 2
Last Run: 1601-01-01 00:01:49.639220
Supporting Files

	\DEVICE\HARDDISKVOLUME2\WINDOWS\SYSTEM32\NTDLL.DLL

	\DEVICE\HARDDISKVOLUME2\WINDOWS\SYSTEM32\KERNEL32.DLL

	\DEVICE\HARDDISKVOLUME2\WINDOWS\SYSTEM32\APISETSCHEMA.DLL

	\DEVICE\HARDDISKVOLUME2\WINDOWS\SYSTEM32\KERNELBASE.DLL

	\DEVICE\HARDDISKVOLUME2\WINDOWS\SYSTEM32\LOCALE.NLS

	\DEVICE\HARDDISKVOLUME2\WINDOWS\SYSTEM32\CALC.EXE

	\DEVICE\HARDDISKVOLUME2\WINDOWS\SYSTEM32\SHELL32.DLL

	\DEVICE\HARDDISKVOLUME2\WINDOWS\SYSTEM32\MSVCRT.DLL

	\DEVICE\HARDDISKVOLUME2\WINDOWS\SYSTEM32\SHLWAPI.DLL

	\DEVICE\HARDDISKVOLUME2\WINDOWS\SYSTEM32\GDI32.DLL

	\DEVICE\HARDDISKVOLUME2\WINDOWS\SYSTEM32\USER32.DLL

	\DEVICE\HARDDISKVOLUME2\WINDOWS\SYSTEM32\LPK.DLL

	\DEVICE\HARDDISKVOLUME2\WINDOWS\SYSTEM32\USP10.DLL

	\DEVICE\HARDDISKVOLUME2\WINDOWS\WINSXS\AMD64_MICROSOFT.WINDOWS.GDIPLUS_6595B64144CCF1DF_1.1.7601.17514_NONE_2B24536C71ED437A\GDIPLUS.DLL

	\DEVICE\HARDDISKVOLUME2\WINDOWS\SYSTEM32\OLE32.DLL

	\DEVICE\HARDDISKVOLUME2\WINDOWS\SYSTEM32\RPCRT4.DLL

	\DEVICE\HARDDISKVOLUME2\WINDOWS\SYSTEM32\ADVAPI32.DLL

	\DEVICE\HARDDISKVOLUME2\WINDOWS\SYSTEM32\SECHOST.DLL

	\DEVICE\HARDDISKVOLUME2\WINDOWS\SYSTEM32\OLEAUT32.DLL

	\DEVICE\HARDDISKVOLUME2\WINDOWS\SYSTEM32\UXTHEME.DLL

	\DEVICE\HARDDISKVOLUME2\WINDOWS\WINSXS\AMD64_MICROSOFT.WINDOWS.COMMON-CONTROLS_6595B64144CCF1DF_6.0.7601.17514_NONE_FA396087175AC9AC\COMCTL32.DLL

	\DEVICE\HARDDISKVOLUME2\WINDOWS\SYSTEM32\WINMM.DLL

	\DEVICE\HARDDISKVOLUME2\WINDOWS\SYSTEM32\VERSION.DLL

	\DEVICE\HARDDISKVOLUME2\WINDOWS\SYSTEM32\IMM32.DLL

	\DEVICE\HARDDISKVOLUME2\WINDOWS\SYSTEM32\MSCTF.DLL

	\DEVICE\HARDDISKVOLUME2\WINDOWS\SYSTEM32\EN-US\CALC.EXE.MUI

	\DEVICE\HARDDISKVOLUME2\WINDOWS\WINDOWSSHELL.MANIFEST

	\DEVICE\HARDDISKVOLUME2\WINDOWS\SYSTEM32\WINDOWSCODECS.DLL

	\DEVICE\HARDDISKVOLUME2\WINDOWS\SYSTEM32\DWMAPI.DLL

	\DEVICE\HARDDISKVOLUME2\WINDOWS\FONTS\STATICCACHE.DAT

	\DEVICE\HARDDISKVOLUME2\WINDOWS\GLOBALIZATION\SORTING\SORTDEFAULT.NLS

	\DEVICE\HARDDISKVOLUME2\WINDOWS\SYSTEM32\RPCSS.DLL

	\DEVICE\HARDDISKVOLUME2\WINDOWS\SYSTEM32\CRYPTBASE.DLL

	\DEVICE\HARDDISKVOLUME2\WINDOWS\SYSTEM32\CLBCATQ.DLL

	\DEVICE\HARDDISKVOLUME2\WINDOWS\SYSTEM32\OLEACC.DLL

	\DEVICE\HARDDISKVOLUME2\WINDOWS\SYSTEM32\OLEACCRC.DLL

	\DEVICE\HARDDISKVOLUME2\$MFT




===========
Volume Info
===========
Path: \DEVICE\HARDDISKVOLUME2
Creation Time: 2016-01-16 21:15:18.109374
Serial Number: 88008c2fL
Directory Strings

	\DEVICE\HARDDISKVOLUME2\WINDOWS

	\DEVICE\HARDDISKVOLUME2\WINDOWS\FONTS

	\DEVICE\HARDDISKVOLUME2\WINDOWS\GLOBALIZATION

	\DEVICE\HARDDISKVOLUME2\WINDOWS\GLOBALIZATION\SORTING

About

Parses prefetch files

Topics

security forensics infosec

Resources

Readme

License

MIT license
Activity

Stars

1 star

Watchers

1 watching

Forks

1 fork
Report repository

Releases

No releases published

Packages

No packages published

Contributors 2

  •  
  •  

Languages