

From ForensicsWiki
Revision as of 14:41, 22 May 2007 by Jessek (Talk | contribs) (Initial stub)


Windows Prefetch files, introduced in Windows XP, are designed to speed up the application startup process. Prefetch files contain the name of the executable, a list of DLLs used by that executable, a count of how many times the executable has been run, and a timestamp indicating the last time the program was run. Prefetch files are stored in the %SystemRoot%\Prefetch directory.
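The following parser is an added example, not part of the original article. It extracts the four fields listed above from an uncompressed Prefetch file. The field offsets and the version numbers 17 (Windows XP) and 23 (Windows Vista/7) are assumptions taken from public format documentation rather than from this page, so it covers one version beyond XP. The sample file it builds is constructed.

```python
import struct
from datetime import datetime, timedelta, timezone

# Offsets follow public documentation of the uncompressed "SCCA" layout
# (assumption: this page does not state them).
LAYOUT = {17: (0x78, 0x90),   # Windows XP: (last-run FILETIME, run count)
          23: (0x80, 0x98)}   # Windows Vista / 7

def filetime_to_utc(ft):
    """Convert a FILETIME (100 ns ticks since 1601-01-01 UTC) to datetime."""
    return datetime(1601, 1, 1, tzinfo=timezone.utc) + timedelta(microseconds=ft // 10)

def parse_prefetch(data):
    if len(data) < 0x9C:
        raise ValueError("too short for a Prefetch header")
    version, sig = struct.unpack_from("<I4s", data, 0)
    if sig != b"SCCA":
        raise ValueError("missing SCCA signature")
    if version not in LAYOUT:
        raise ValueError(f"unsupported Prefetch version {version}")
    time_off, count_off = LAYOUT[version]
    exe = data[0x10:0x10 + 60].decode("utf-16-le", "replace").split("\x00", 1)[0]
    str_off, str_size = struct.unpack_from("<II", data, 0x64)  # filename strings block
    if str_off + str_size > len(data):
        raise ValueError("filename strings run past end of file")
    names = data[str_off:str_off + str_size].decode("utf-16-le", "replace")
    return {
        "executable": exe,
        "run_count": struct.unpack_from("<I", data, count_off)[0],
        "last_run": filetime_to_utc(struct.unpack_from("<Q", data, time_off)[0]),
        "loaded_files": [n for n in names.split("\x00") if n],
    }

def build_sample():
    """Constructed version-17 file for demonstration; not from a real system."""
    strings = "".join(p + "\x00" for p in (
        r"\DEVICE\HARDDISKVOLUME1\WINDOWS\SYSTEM32\NTDLL.DLL",
        r"\DEVICE\HARDDISKVOLUME1\WINDOWS\SYSTEM32\KERNEL32.DLL")).encode("utf-16-le")
    buf = bytearray(0x98) + strings
    struct.pack_into("<I4s", buf, 0, 17, b"SCCA")
    buf[0x10:0x10 + 22] = "NOTEPAD.EXE".encode("utf-16-le")
    struct.pack_into("<II", buf, 0x64, 0x98, len(strings))
    struct.pack_into("<Q", buf, 0x78, 128243184600000000)  # 2007-05-22 14:41 UTC
    struct.pack_into("<I", buf, 0x90, 7)
    return bytes(buf)

if __name__ == "__main__":
    print(parse_prefetch(build_sample()))
```

The embedded last-run value is stored in UTC, so compare it against the file's NTFS timestamps in the same time zone.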


Both the NTFS timestamps for a Prefetch file and the timestamp embedded in each Prefetch file contain valuable information. The creation date of the file indicates the first time the application was executed. Both the modification date of the file and the embedded timestamp indicate the last time the application was executed. The

See Also

External Links

  • Windows File Analyzer - Parses Prefetch files, thumbnail databases, shortcuts, index.dat files, and the recycle bin