Windows Prefetch Parser (pf)
pf is a Windows prefetch parser. The prefetcher is a component of Windows operating systems, starting with Windows XP, that speeds up the boot process and decreases the time it takes to start programs. From a forensic perspective, any prefetch files that are created allow the investigator to determine when certain programs and associated libraries were last executed.
Whether pf is run on a live system or offline, its command-line options allow it to operate in batch mode and process many files in an automated fashion.
Downloads
| | 32-bit Version | 64-bit Version | |
| Windows: | pf32.v.0.98.win.zip | pf64.v.0.98.win.zip | md5/sha1 |
| Linux: | pf32.v.0.98.lin.tar.gz | pf64.v.0.98.lin.tar.gz | md5/sha1 |
| Mac OS X: | pf.v.0.98.osx.tar.gz | pf.v.0.98.osx.tar.gz | md5/sha1 |

*32-bit apps can run in a 64-bit Linux distribution if "ia32-libs" (and dependencies) are present.