This EnScript was written to search unallocated cluster for deleted prefetch data. If found, the EnScript will parse out the name of the executable, last run time and run count. The data is displayed in the console as well as bookmarked. This EnScript supports finding prefetch file data in unallocated for Windows XP, Vista & 7.

http://www.forensickb.com Customized EnCase EnScript development (v6 & v7) Customized Forensic Automation / Workflow