During the forensic analysis of a Windows machine, you may find the name of a deleted prefetch(Prefetch-Hash-Cracker) file. While its content may not be recoverable, the filename itself is often enough to find the full path of the executable for which the prefetch file was created. Using the tool The following fields must be provided: …
Continue reading “Prefetch-Hash-Cracker : A Small Util To Brute-Force Prefetch Hashes”