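Prefetch file parsing with PECmd

If you have found some suspicious prefetch files and want to perform in-depth analysis, there is another tool by Eric Zimmerman that can help you: PECmd. This is a free and fast command-line tool capable of parsing Windows Prefetch files in both old and new formats.

- The PECMD module can package a single WCS into a single file (by dragging it in directly) and can run in memory without extracting temporary files.
- Parameters can be passed; both built-in and external parameters are supported, which is a level other single-file packaging programs cannot reach.
- Supports packaging exe, bat, cmd, vbs, and wcs, and running WCS requires no separately prepared PECMD.exe.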
Prefetch file parsing with PECmd Windows Forensics Cookbook
http://07xb.com/article/28879

PECMD - WinPE Commander, built-in support for the following environment variables:

CurDir : Profile directory
IECache : IE temporary directory name
SendTo : Sent to directory
CurFile : Name of configuration file
MyName : Its own file name
StarMenu : Start menu directory
Desktop : Desktop directory name
Personal : My Documents directory
Startup ...
Windows Prefetch parser in C#. Introducing PECmd! PECmd v0.6.0.0 released. PECmd, LECmd, and JLECmd updated! Download Eric Zimmerman's Tools. All of Eric Zimmerman's tools can be downloaded here. Use the Get-ZimmermanTools PowerShell script to automate the download and updating of the EZ Tools suite.

pecmd.exe is usually located in the 'X:\Windows\System32\' folder. Some of the anti-virus scanners at VirusTotal detected pecmd.exe.