Didier Stevens

Friday 3 August 2012

Prefetch File 010 Template

Filed under: Forensics,My Software — Didier Stevens @ 9:49

I had some problems with a Windows XP prefetch file, so I wrote a 010 Editor template using the Forensics Wiki’s information on prefetch files.

PFTemplate.zip (https)
MD5: 11F6BB8EC0D29CBCC7C2F269E9900AF0
SHA256: 4429380778C94E47427C1753BAF91E0D8AF78985AA9F3868CF3FC07456F7BAFA

4 Comments »

  1. Comes in handy, MSFT should stand up and publish more formats overall. Bit fed up having to reverse engineer things now and again slowing down progress.

    Comment by Thierry Zoller — Saturday 4 August 2012 @ 13:20

  2. @Thierry Yes, it is frustrating.

    Comment by Didier Stevens — Sunday 5 August 2012 @ 7:31

  3. [...] Prefetch File 010 Template 프리패치 파일에 대한 010Editor 템플릿이다. 포렌식을 공부하는 사람이라면 템플릿을 이용해 포맷을 자세히 살펴볼 수 있을 것이다. [...]

    Pingback by [Aug 2012] Newsletter | FORENSIC INSIGHT — Wednesday 17 October 2012 @ 14:06

  4. […] update to my Prefetch File 010 Template adds Sections A through […]

    Pingback by Update: Prefetch File 010 Template | Didier Stevens — Monday 23 December 2013 @ 22:01


RSS feed for comments on this post. TrackBack URI

Leave a Reply (comments are moderated)

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

The Rubric Theme. Create a free website or blog at WordPress.com.

Follow

Get every new post delivered to your Inbox.

Join 198 other followers

%d bloggers like this: