analyzing-windows-prefetch-with-python
Community
Reconstruct Windows Prefetch execution history.
Author: Axxxxxxaaann
Version: 1.0.0
Installs: 0
System Documentation
What problem does it solve?
Windows Prefetch files accumulate execution data that is valuable for forensics, but parsing and correlating this data across files can be error-prone. This skill provides a Python-based approach to extract execution history, identify masqueraded binaries, and build a coherent incident timeline.
Core Features & Use Cases
- Prefetch Parsing: Extracts executable names, run counts, timestamps, and resource usage from PF files.
- Masquerade Detection: Highlights renamed binaries and suspicious patterns.
- Timeline Reconstruction: Builds a chronological execution timeline across PF files.
- Reporting: Outputs a structured JSON report with findings and a summary.
Quick Start
Run the script on a directory containing PF files to generate a complete prefetch-analysis report.
Dependency Matrix
Required Modules
windowsprefetch
Components
scripts, references
💻 Claude Code Installation
Recommended: Let Claude install automatically. Simply copy and paste the text below to Claude Code.
Please help me install this Skill: Name: analyzing-windows-prefetch-with-python Download link: https://github.com/Axxxxxxaaann/KAIRI-Skills/archive/main.zip#analyzing-windows-prefetch-with-python Please download this .zip file, extract it, and install it in the .claude/skills/ directory.