prefetch
$ target-query <path/to/target> -f prefetch
Module documentation
No documentation
Function documentation
Return the content of all prefetch files.
Prefetch is a memory management feature in Windows. It contains information (for example run count and timestamp) about executable applications that have been executed recently or are frequently executed.
- References:
- Yields PrefetchRecords with fields:
  - hostname (string): The target hostname.
  - domain (string): The target domain.
  - ts (datetime): Run timestamp.
  - filename (path): The filename.
  - prefetch (path): The prefetch entry.
  - linkedfile (path): The linked file entry.
  - runcount (int): The run count.
with --grouped:
- Yields PrefetchRecords with fields:
  - hostname (string): The target hostname.
  - domain (string): The target domain.
  - ts (datetime): Run timestamp.
  - filename (path): The filename.
  - prefetch (path): The prefetch entry.
  - linkedfiles (path[]): A list of linked files.
  - runcount (int): The run count.
  - previousruns (datetime[]): Previous non-zero run timestamps.
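The following added example (not part of the plugin or its documentation) shows how the two record shapes above relate, by collapsing ungrouped rows into the grouped layout for a per-executable view during triage. It assumes the records have been loaded as plain dicts keyed by the field names listed above, and that ungrouped output repeats a prefetch entry once per linked file and run timestamp; the helper name and all sample values are constructed.

```python
from collections import defaultdict
from datetime import datetime, timezone


def group_prefetch(records):
    """Collapse ungrouped rows into one grouped-style row per prefetch entry."""
    buckets = defaultdict(list)
    for rec in records:
        buckets[(rec["hostname"], rec["prefetch"])].append(rec)

    grouped = []
    for (hostname, prefetch), rows in sorted(buckets.items()):
        # Distinct run timestamps, newest first; zero/empty timestamps are skipped.
        runs = sorted({r["ts"] for r in rows if r["ts"]}, reverse=True)
        # De-duplicate linked files while keeping first-seen order.
        linked = list(dict.fromkeys(r["linkedfile"] for r in rows))
        grouped.append({
            "hostname": hostname,
            "domain": rows[0]["domain"],
            "ts": runs[0] if runs else None,
            "filename": rows[0]["filename"],
            "prefetch": prefetch,
            "linkedfiles": linked,
            "runcount": max(r["runcount"] for r in rows),
            "previousruns": runs[1:],
        })
    return grouped


# Constructed sample data: one prefetch entry, two runs, two linked files.
PF = r"C:\Windows\Prefetch\NOTEPAD.EXE-XXXXXXXX.pf"  # placeholder hash suffix
NTDLL = r"\VOLUME{placeholder}\WINDOWS\SYSTEM32\NTDLL.DLL"
KERNEL32 = r"\VOLUME{placeholder}\WINDOWS\SYSTEM32\KERNEL32.DLL"
T1 = datetime(2024, 1, 10, 8, 0, tzinfo=timezone.utc)
T2 = datetime(2024, 1, 12, 9, 30, tzinfo=timezone.utc)

SAMPLE = [
    {"hostname": "WS01", "domain": "corp.example", "ts": ts,
     "filename": "NOTEPAD.EXE", "prefetch": PF, "linkedfile": lf, "runcount": 2}
    for ts in (T2, T1) for lf in (NTDLL, KERNEL32)
]

if __name__ == "__main__":
    for row in group_prefetch(SAMPLE):
        print(row["filename"], row["ts"], row["runcount"], len(row["linkedfiles"]))
```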