Inspecting Prefetch File Contents (WinPrefetchView, PFDump)

WinPrefetchView

PFDump

Usage

---------------------------------------------------------
--           PFDump - Prefetch Dump Tool               --
--                  Version: V.1.0                     --
--    Member of the Malware-Hunters Forensic Toolkit   --
--            Written by Michael G. Spohn              --
--             http://www.malware-hunters.neet         --
---------------------------------------------------------
--          Use this tool at your own risk             --
--                  NO WARRANTY!                       --
---------------------------------------------------------

Usage: PFDump [/d] [/h] [/i <str>] [/l] [/m <str>] [/o <str>] [/s] [/t] [/v] [/V] [/w] [/x]
  /d, --debug           Create debug log
  /h, --help            Display this notice
  /i, --input=<str>     Input file or directory
  /l, --local           Process local prefetch files
  /m, --hostname=<str>  Hostname
  /o, --output=<str>    Output file - default: PFDump_localhost.txt
  /s, --stdout          Report to stdout
  /t, --localtimes      Include local times
  /v, --verbose         Chatty output
  /V, --version         Show version and exit
  /w, --html            HTML report format
  /x, --xml             XML report format