Eric Zimmerman released Windows 10 Prefetch parser

333

This parser supports all known versions from Windows XP to Windows 10. Any digital forensic investigator or analyst has already known, that prefetch-file format in Windows 10 changed. The new tool from Eric Zimmerman helps to solve the problem – parse prefetch version 30. Make sure you have at least Windows 8 before running this code.

The code can be downloaded here.

Leave a Reply

Your email address will not be published. Required fields are marked *