Windows Prefetch files, introduced in Windows XP, are designed to speed up the application startup process. Prefetch files contain the name of the executable, a list of DLLs used by that executable, a count of how many times the executable was has been run, and a timestamp indicating the last time the program was run. Prefetch files are stored in the %SystemRoot%\Prefetch directory.
Both the NTFS timestamps for a Prefetch file and the timestamp embedded in each Prefetch file contain valueable information. The creation date of the file indicates the first time the application was executed. Both the modification date of the file and the embedded timestamp indicate the last time the application was executed. The
- Windows File Analyzer - Parses Prefetch files, thumbnail databases, shortcuts, index.dat files, and the recycle bin