WinPrefetchView – Tool to Read Prefetch Files

Incident response and forensic analysis are highly important processes in any environment. Just re-imaging or wiping a compromised system will not guarantee that the same incident will not occur again. Root cause analysis will help in identifying the cause and avoiding the same occurrence in the future. If you need to investigate Windows Prefetch files, you can use WinPrefetchView.

Each time you run an application on your system, the Windows operating system creates a Prefetch file that contains information about the files loaded by the application. The information in the Prefetch file is used to optimize the loading time of the application the next time you run it.


WinPrefetchView is a small utility that reads the Prefetch files stored in your system and displays the information stored in them. By looking in these files, you can learn which files every application is using, and which files are loaded on Windows boot.

This tool is useful during live system analysis to find the history of applications that have been executed, so it will prove that an application was installed even if the user removed it from the affected system.
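The execution evidence described above starts in the Prefetch file header. The parser below is an added example, not WinPrefetchView's code: it assumes the publicly documented SCCA header layout (version at offset 0, signature at 4, executable name at 0x10, path hash at 0x4C) and the MAM wrapper Windows 10 uses for compressed files. The helper `build_sample` and all sample values are constructed for illustration.

```python
import struct

# Format versions seen in the SCCA header (publicly documented values).
VERSIONS = {17: "Windows XP/2003", 23: "Windows Vista/7",
            26: "Windows 8.x", 30: "Windows 10"}


def parse_prefetch_header(data: bytes) -> dict:
    """Parse the fixed 84-byte header of a Prefetch (.pf) file."""
    # Windows 10 stores .pf files compressed: 'MAM\x04' + uncompressed size.
    if data[:3] == b"MAM":
        if len(data) < 8:
            raise ValueError("truncated MAM header")
        (size,) = struct.unpack_from("<I", data, 4)
        return {"compressed": True, "uncompressed_size": size}
    if len(data) < 0x54:
        raise ValueError("too short for a Prefetch header")
    version, signature = struct.unpack_from("<I4s", data, 0)
    if signature != b"SCCA":
        raise ValueError("not a Prefetch file (missing SCCA signature)")
    (file_size,) = struct.unpack_from("<I", data, 0x0C)
    # Executable name: UTF-16LE, NUL-terminated, in a fixed 60-byte field.
    raw_name = data[0x10:0x10 + 60].decode("utf-16-le", errors="replace")
    (path_hash,) = struct.unpack_from("<I", data, 0x4C)
    return {
        "compressed": False,
        "version": version,
        "os": VERSIONS.get(version, "unknown"),
        "file_size": file_size,
        "executable": raw_name.split("\x00", 1)[0],
        # The same hash appears in the file name: EXENAME-HASH.pf
        "path_hash": f"{path_hash:08X}",
    }


def build_sample(exe: str, version: int, path_hash: int) -> bytes:
    """Construct a header-only sample for demonstration (not a real file)."""
    name = exe.encode("utf-16-le").ljust(60, b"\x00")
    header = struct.pack("<I4sII", version, b"SCCA", 0x11, 0x54)
    return header + name + struct.pack("<II", path_hash, 0)


if __name__ == "__main__":
    sample = build_sample("NOTEPAD.EXE", 23, 0x1A2B3C4D)  # constructed values
    print(parse_prefetch_header(sample))
    print(parse_prefetch_header(b"MAM\x04" + struct.pack("<I", 4096)))
```

A result with `compressed` set to `True` means the file has to be decompressed before the header fields can be read.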

You can read more and download this tool over here: https://www.nirsoft.net/utils/win_prefetch_view.html
