Eric Zimmerman released Windows 10 Prefetch parser

This parser supports all known versions from Windows XP to Windows 10. Any digital forensic investigator or analyst has already known, that prefetch-file format in Windows 10 changed. The new tool from Eric Zimmerman helps to solve the problem – parse prefetch version 30. Make sure you have at least Windows 8 before running this code.

The code can be downloaded here.

Leave a Reply

Your email address will not be published. Required fields are marked *