Didier Stevens

Friday 3 August 2012

Prefetch File 010 Template

Filed under: Forensics,My Software — Didier Stevens @ 9:49

I had some problems with a Windows XP prefetch file, so I wrote a 010 Editor template using the Forensics Wiki’s information on prefetch files.

PFTemplate.zip (https)
MD5: 11F6BB8EC0D29CBCC7C2F269E9900AF0
SHA256: 4429380778C94E47427C1753BAF91E0D8AF78985AA9F3868CF3FC07456F7BAFA


  1. Comes in handy, MSFT should stand up and publish more formats overall. Bit fed up having to reverse engineer things now and again slowing down progress.

    Comment by Thierry Zoller — Saturday 4 August 2012 @ 13:20

  2. @Thierry Yes, it is frustrating.

    Comment by Didier Stevens — Sunday 5 August 2012 @ 7:31

  3. […] Prefetch File 010 Template 프리패치 파일에 대한 010Editor 템플릿이다. 포렌식을 공부하는 사람이라면 템플릿을 이용해 포맷을 자세히 살펴볼 수 있을 것이다. […]

    Pingback by [Aug 2012] Newsletter | FORENSIC INSIGHT — Wednesday 17 October 2012 @ 14:06

  4. […] update to my Prefetch File 010 Template adds Sections A through […]

    Pingback by Update: Prefetch File 010 Template | Didier Stevens — Monday 23 December 2013 @ 22:01

RSS feed for comments on this post. TrackBack URI

Leave a Reply (comments are moderated)

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

The Rubric Theme. Blog at WordPress.com.


Get every new post delivered to your Inbox.

Join 342 other followers

%d bloggers like this: