Prefetch Parser
Description: A tool designed to parse and analyze Windows Prefetch files (.pf), offering an alternative or supplement to WinPrefetchView.
Features:
Parses prefetch files, displaying information similar to WinPrefetchView.
Includes tabs for detailed information: Execution History (last 8 run times) and File Info (size, creation/access/modified times).
Integrates BAM parsing, YARA rule scanning, and digital signature checks for the executable associated with the prefetch file.
Offers filtering options (Show Unsigned Only, Show Flagged Only, Only In Instance).
Usage: Aids in examining evidence of program execution stored within prefetch files, combining prefetch data analysis with signature checks and YARA scanning in a single interface.
Link: https://github.com/spokwn/prefetch-parser