Sunday, July 5, 2015

Windows 10 - Analyzing "FILEZILLA.EXE-93859B09.pf" prefetch file - winprefetchview


In the first post we got a quick insight into understanding Windows prefetch. In the second post we did a detailed analysis using the raw hex data within the "FILEZILLA.EXE-93859B09.pf" file. In this post we will simply use a tool, "winprefetchview".

Once the tool has been executed we see the following.










From the above we see the filename, created date, modified date, file size, process, path, run counter, last run time, etc. This basically eliminates the need for most of the work we did in the previous post. However, it is important that we understand what transpired in that post.

That's it for the Windows 10 prefetch series.

Reference:
http://www.nirsoft.net/utils/win_prefetch_view.html



