search

Invoke-IR / PowerForensics

PowerForensics provides an all in one platform for live disk forensic analysis
MIT License
1.38k stars 274 forks source link

Prefetch Windows 10 #78

Open jaredcatkinson opened 8 years ago

jaredcatkinson commented 8 years ago

Get-ForensicPrefetch is not compatible with the Prefetch format on Windows 10

jaredcatkinson commented 8 years ago

Windows 10 uses a much different file format for Prefetch files. This is likely going to be a large effort to fix. http://blog.digital-forensics.it/2015/06/a-first-look-at-windows-10-prefetch.html