`prefetch`#

$ target-query <path/to/target> -f prefetch

Details#
Module	`os.windows.prefetch.PrefetchPlugin`
Output	`records`

Module documentation

No documentation

Function documentation

Return the content of all prefetch files.

Prefetch is a memory management feature in Windows. It contains information (for example run count and timestamp) about executable applications that have been executed recently or are frequently executed.

References:

https://www.geeksforgeeks.org/prefetch-files-in-windows/

Yields PrefetchRecords with fields:

hostname (string): The target hostname. domain (string): The target domain. ts (datetime): Run timestamp. filename (path): The filename. prefetch (path): The prefetch entry. linkedfile (path): The linked file entry. runcount (int): The run count.

with –grouped:

Yields PrefetchRecords with fields:: hostname (string): The target hostname. domain (string): The target domain. ts (datetime): Run timestamp. filename (path): The filename. prefetch (path): The prefetch entry. linkedfiles (path[]): A list of linked files runcount (int): The run count. previousruns (datetime[]): Previous run non zero timestamps

prefetch#

`prefetch`#