Home Adventures! A Prefetch File in $I30 Slack, PyInstaller & Prefetch Hash Cracking

I often test my tools on my old computer at home. It’s so much more interesting to investigate than a newly created virtual machine. Today, while testing, I found evidence of activity from almost 2 years ago. It got me really excited, and I thought it would make a cool blog post! Here’s a snippet from the timeline I created using MFTECmd and INDXRipper: A Prefetch File in $I30 Slack The Prefetch file FLOSS64....

July 2, 2022 · 5 min · 881 words · Harel Segev